My issue with this style of verification is more that it normalises running commands right in the terminal. Commands that come from place you kind of trust. And poof at some point it will contain some nefarious code. Instead of using a package manager (the curl to bash variant) or running these commands in a container/vm.