it tells you they're just like basically every other CLI targeting project for the last 15 years? I mean is it a big security hole we all accept, yes, it is. But it's not really indicative of much. That's also how I install rust.

We also accepted the security risks of npm and such and we get one supply chain attack after another.

Maybe security should be at a higher position on our priority list.

The careless days are ultimately over but we still don’t act like that.