Presumably you already trust homebrew to run arbitrary code on your machine.

You better walk over to the Homebrew office and get the update on a USB stick then, Mr. Safety!

If you read the blog post, GitHub has checked all their repos for for this exploit and is blocking it on pushes; cloning from GitHub should be safe.

The blocking pushes is what I was concerned with, along with brew searching pull requests.

I'm fairly confident Homebrew isn't exploiting this