mingus88 2 days ago

You are essentially asking what is safer than running arbitrary code from the internet sight unseen directly into your shell and I guess my answer would be any other standard installation method!

The OS usually has guardrails and logging and audits for what is installed but this bypasses it all.

When you look at this from an attacker's perspective, it’s heaven.

My mom recently got fooled by a scammer that convinced her to install remote access software. This curl pattern is the exact same vector, and it’s nuts to see it become commonplace.

SkiFire13 a day ago

> You are essentially asking what is safer than running arbitrary code from the internet

No, I'm asking what is a safer method when I want to install some code from the internet.

> The OS usually has guardrails and logging and audits for what is installed but this bypasses it all.

Not everything is packaged or up-to-date in the OS.

> My mom recently got fooled by a scammer that convinced her to install remote access software.

Remote access software is packaged in distros too.

thayne a day ago

> My mom recently got fooled by a scammer that convinced her to install remote access software.

But I bet she didn't install it with curl piped to bash. The point isn't that curl|bash is safe, but that it isn't inherently more dangerous than downloading and running a program.