It's fairly easy (trivial) to serve a different install script to a full web browser than to curl.
That's just one of the problems, but I'd say it's the main one. If you truly trust the creator with install power, download the script yourself with curl/wget/whatever, have a glance if it's what you expect, and fire away.
That's just one of the problems, but I'd say it's the main one. If you truly trust the creator with install power, download the script yourself with curl/wget/whatever, have a glance if it's what you expect, and fire away.