Trust but verify

So I recently read this article, which is a response to this article. The reaction article is what prompted me to write this post.

In it the author states that it is stupid to consider piping shell scripts from the internet directly into a shell a security vulnerability, or even malpractice. The reason he gives is that you already trust all the other software the vendor made, so why not this install script? Or why not the website itself?

Invulnerability

No software vendor is invulnerable to attack. There have been many cases in the recent past of packages across languages, from Ruby to npm, being injected with malware. This means that sites could be compromised, and so could the install scripts themselves. Install scripts hosted on GitHub can be compromised because the software developer's account there can be compromised.

Check yourself before you wreck yourself

The thing is, it is good to have a healthy dose of mistrust: trust the vendors, but verify that everything is in order.

You can do this by inspecting the code periodically, or in the case of install scripts, by reading what the script actually does before you run it. You can always run the hash checksums or the GPG signature check to verify it. You could also shut everything else off and watch with a network packet inspector to see whether anything fishy is going on.

The routine you want to get into is checking everything, at least with a cursory glance, before you blindly run it.
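The download-then-verify-then-read routine above, as an added shell example that is not from the original post. It assumes the vendor publishes a SHA-256 for the script out of band; the sample script, its hash and the vendor.example URL are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post: save an install script to a file
# instead of piping it into a shell, verify its SHA-256 against the value the
# vendor publishes out of band, skim it for constructs that deserve a closer
# read, and only then decide whether to run it.

# SHA-256 of a file; works with GNU sha256sum or BSD/macOS shasum.
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# Returns 0 when the file's hash equals the expected hash, 1 otherwise.
verify_checksum() {
  actual=$(sha256_of "$1")
  [ "$actual" = "$2" ]
}

# Prints (with line numbers) any line that nests another curl|sh download,
# uses eval, decodes a base64 blob, or escalates with sudo. Returns 0 when
# something was found, 1 when the script looks plain.
flag_suspicious_lines() {
  grep -nE '(curl|wget)[^|]*[|][[:space:]]*(ba|z)?sh([[:space:]]|$)|(^|[[:space:]])eval[[:space:]]|base64[[:space:]]+(-d|--decode)|(^|[[:space:]])sudo[[:space:]]' "$1"
}

# Constructed sample standing in for a script fetched with
#   curl -fsSL https://vendor.example/install.sh -o install.sh   (placeholder URL)
SAMPLE_SCRIPT=$(mktemp)
cat > "$SAMPLE_SCRIPT" <<'EOF'
#!/bin/sh
set -e
echo "Installing example-tool..."
mkdir -p "$HOME/.local/bin"
curl -fsSL https://vendor.example/helper.sh | sh
sudo cp example-tool /usr/local/bin/
EOF

# Normally this comes from the vendor's release page or a signed SHA256SUMS
# file; here it is computed from the sample so the example runs offline.
EXPECTED_SHA256=$(sha256_of "$SAMPLE_SCRIPT")
if verify_checksum "$SAMPLE_SCRIPT" "$EXPECTED_SHA256"; then
  echo "checksum OK; lines worth a closer look:"
  flag_suspicious_lines "$SAMPLE_SCRIPT" || echo "(none flagged)"
else
  echo "checksum MISMATCH: do not run $SAMPLE_SCRIPT" >&2
fi
```

A GPG-signed script or SHA256SUMS file is checked the same way, with `gpg --verify` on the signature before comparing hashes.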

#devops #secops #devsecops