It's not really different than downloading a .msi or .exe installer on Windows and running it. Or downloading a .pkg installer on macOS and running it (or running a program supplied in a .dmg). Or downloading a .deb or .rpm on Linux and running it.
It's all whether or not you trust the entity supplying the installer, be it your package manager or a third party.
At least with shell scripts, you have the opportunity to read it first if you want to.
It's all whether or not you trust the entity supplying the installer, be it your package manager or a third party.
At least with shell scripts, you have the opportunity to read it first if you want to.