• Dima@feddit.uk
    20 hours ago

    Even if you check, you should download with curl and check the downloaded file, then run that, as a malicious server could present a normal download to browsers based on user agent and other fingerprinting data, while presenting a malicious script to curl.

    Wish people would stop suggesting the pipe-to-bash scripts as an install method, but the simplicity of being able to tell all Linux and Mac users to just paste a string into their terminal to install, and letting the script deal with any differences between systems, is probably why we keep seeing it for major projects, rather than a long list of instructions for different distros.
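
The download, check, then run sequence described in the comment above, as an added shell example that is not part of the original post. The function names and the URL in the usage comments are hypothetical; the hash pins the exact bytes that were reviewed, so a copy fetched later that differs is refused.

```shell
# Added example: fetch with curl, review the file on disk, run only those bytes.

# Print the SHA-256 of a file (sha256sum on Linux, shasum on macOS).
file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Step 1: download with curl to a file. Nothing is executed here.
# --fail keeps an HTTP error page from being saved as the "script".
fetch_installer() {   # usage: fetch_installer URL DEST
    curl --fail --silent --show-error --location \
         --proto '=https' --tlsv1.2 --output "$2" "$1"
}

# Step 3: run the file only if it still matches the hash recorded at review.
# A missing or unreadable file yields an empty hash and is refused as well.
run_reviewed() {      # usage: run_reviewed FILE REVIEWED_SHA256 [args...]
    rr_file=$1
    rr_expected=$2
    shift 2
    rr_actual=$(file_sha256 "$rr_file")
    if [ "$rr_actual" != "$rr_expected" ]; then
        echo "refusing to run $rr_file: got '$rr_actual', reviewed '$rr_expected'" >&2
        return 1
    fi
    bash "$rr_file" "$@"
}

# Usage (hypothetical URL):
#   fetch_installer https://example.com/install.sh ./install.sh
#   less ./install.sh                      # step 2: read what curl was served
#   reviewed=$(file_sha256 ./install.sh)   # record the hash of the reviewed bytes
#   run_reviewed ./install.sh "$reviewed"
# On another machine, fetch again with curl and pass the recorded hash:
# a server that hands out a different script will fail the comparison.
```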