`curl | bash`: Trust as a privilege?

We often hear that using curl | bash is insecure. That no one should ever pipe remote scripts directly into a shell. And yet… the biggest open source projects do it all the time. Docker installs with curl | sh. nvm, oh-my-zsh, Homebrew – all follow the same pattern. And we trust them. Why? Because they’re popular? Because they have a logo? Because their websites look professional? Meanwhile, smaller projects are held to a different standard. They are questioned, scrutinized, distrusted – e...