[zzo38computer]

> If you read the script before you pipe it into your shell, it's safe.

If you download it first before executing it (instead of downloading it a second time when executing it), then that mitigates one problem, but still not all of them (like you mention). Other mitigations are also possible, such as hashing, certificate pinning, sandboxing, etc.

[Epa095]

This is a good point. Made me think about how I will usually read if first, but in the browser. And it's easy for the server to check the user agent, and serve me a different version in the browser!

[kreetx]

Yup. The script that you execute should literally be the one that you read. (I.e, no downloading twice)