A lot of people are apparently happily running a script clearly marked as a root exploit from some random website using curl | bash 
Some do inspect the script, but then still run it using curl | bash anyway. 
Incidentally, this very relevant blogpost about detecting curl | bash and serving different scripts based on that is almost exactly a decade old:
web.archive.org/web/2023031806…
Detecting the use of "curl | bash" server side | Application Security
Another reason not to pipe from curl to bash. Detecting curl | bash serverside.web.archive.org
