Because even with HTTPS that script might not do what you expect and then is too late, xz style attack.
You're already installing a binary, the script is not the weak link here.
alt Hacker News
You're already installing a binary, the script is not the weak link here.