
Not just apt-get, it might even have some `curl ... | sh`.


Curl | sh is gold. It’s like finding a candy bar on the street and eating it heh.


You can say the same about the vast majority of distribution methods we have. There's no difference between `curl | sh` and executing a binary you download from the internet.


Checksums and signatures make it slightly better. At least you can go from OK to vulnerable by downloading the same thing as an hour ago. But if you upgrade then yeah.
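An added example, not part of the thread: the checksum point from the comment above, as a script that saves the download to a file and runs it only if its SHA-256 matches a pinned value. The function names, the file name and the constructed installer are assumptions, and a local file stands in for the download so the demo runs offline.

```shell
#!/bin/sh
# Verify an installer against a pinned SHA-256 before executing it,
# instead of piping the download straight into sh.

# Print the SHA-256 hex digest of a file (sha256sum, or shasum on macOS/BSD).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# run_if_pinned FILE EXPECTED_SHA256
# Runs FILE with sh only when its digest equals the pinned value.
# Returns 1, without executing anything, on a mismatch.
run_if_pinned() {
    actual=$(sha256_of "$1") || return 2
    if [ "$actual" != "$2" ]; then
        echo "refusing to run $1: digest $actual does not match pin" >&2
        return 1
    fi
    sh "$1"
}

# Constructed demo: the installer content and paths are made up.
demo() {
    dir=$(mktemp -d) || return 2
    printf 'echo "installer ran"\n' > "$dir/install.sh"
    pin=$(sha256_of "$dir/install.sh")   # in practice: obtained out of band

    first=0;  run_if_pinned "$dir/install.sh" "$pin" || first=$?

    # The "same" download an hour later, with an extra line appended.
    printf 'echo "unexpected extra step"\n' >> "$dir/install.sh"
    second=0; run_if_pinned "$dir/install.sh" "$pin" || second=$?

    rm -rf "$dir"
    echo "unchanged file exit=$first, modified file exit=$second"
    [ "$first" -eq 0 ] && [ "$second" -eq 1 ]
}

demo
```

The pin only helps if it comes from somewhere other than the server that hosts the script; a checksum fetched alongside the file changes whenever the file does.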



