> If you read the script before you pipe it into your shell, it's safe.

This isn't strictly true. It's possible to detect on the server side if curl is being piped and deliver different content: https://web.archive.org/web/20241224173203/https://www.idont...