I really don't see what's to object about. People who care about security can review it. People who just want it to work and don't care about security will blindly execute whatever instructions are written on the site. If the app is malicious then the latter group is screwed no matter what, doesn't matter whether it's 'curl | sh' or whether it's a .dmg/.zip/.tar.gz.