If someone can drop a file in your ~/bin, they can also edit your shell’s startup files to add their malicious command.