It's crazy that so much ink is spilled on curl | bash, but then those same people will happily run the 50MB binary it downloads for you without a second thought. Someone explain this to me, please.

Let's consider rust: https://www.rust-lang.org/tools/install

Specifically, consider these two files:

A. a shell script, written by the Rust core developers, hosted on the Rust official website behind TLS

B. a compiler binary, written by the Rust core developers, hosted on the Rust official website behind TLS

Why is everyone so afraid of A, but not afraid of B?