Yeah, that's great!

Imagine we would download random code from the internet and just execute it, like with NPM, PIP, Maven, Cargo etc.

I don’t think that matters as it’s usually curl | sudo sh

Or npm being allowed to run arbitrary post install scripts

I literally ship an installer that runs with curl | bash... reading this thread while patching my servers is a fun experience lol