I remember one of the first times I tried installing Linux software in the wild. The bash script asked for your password, sent it to their server using curl then returned you the script with the password hard coded into it, run itself with sudo, all over unencrypted http. I was 17 but even then I stopped to think if this was a good idea.

It wasn't.