rootme.sh

nicolaw 20th August 2020 at 11:56am
Bash Security

Phil over at https://www.idontplaydarts.com/2016/04/detecting-curl-pipe-bash-server-side/ did a pretty nice real-world write-up on why it's sub-optimal to directly pipe scripts from the Internet into your shell.

http://rootme.sh was a live example running his code to illustrate the point, but is now owned by domain squatters.

neech@nicolaw.uk:~ $ curl -sSk https://rootme.sh
sleep 3
echo "Hello there :)"

neech@nicolaw.uk:~ $ curl -sSk https://rootme.sh | bash
      ▄▄▄▄▀▀▀▀▀▀▀▀▄▄▄▄▄▄
     █░░░░▒▒▒▒▒▒▒▒▒▒▒▒░░▀▀▄
    █░░░▒▒▒▒▒▒░░░░░░░░▒▒▒░░█
   █░░░░░░▄██▀▄▄░░░░░▄▄▄░░░░█
 ▄▀▒▄▄▄▒░█▀▀▀▀▄▄█░░░██▄▄█░░░░█
█░▒█▒▄░▀▄▄▄▀░░░░░░░░█░░░▒▒▒▒▒░█
█░▒█░█▀▄▄░░░░░█▀░░░░▀▄░░▄▀▀▀▄▒█
 █░▀▄░█▄░█▀▄▄░▀░▀▀░▄▄▀░░░░█░░█
  █░░░▀▄▀█▄▄░█▀▀▀▄▄▄▄▀▀█▀██░█
   █░░░░██░░▀█▄▄▄█▄▄█▄████░█
    █░░░░▀▀▄░█░░░█░█▀██████░█
     ▀▄░░░░░▀▀▄▄▄█▄█▄█▄█▄▀░░█
       ▀▄▄░▒▒▒▒░░░░░░░░░░▒░░░█
          ▀▀▄▄░▒▒▒▒▒▒▒▒▒▒░░░░█
              ▀▄▄▄▄▄░░░░░░░░█

https://www.seancassidy.me/dont-pipe-to-your-shell.html
https://www.idontplaydarts.com/2016/04/detecting-curl-pipe-bash-server-side/

I know we all do it, but it's probably not a good idea to pipe curl directly
into your shell. Who knows what nasty things someone might do?
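
One way to make sure the bytes you run are the bytes you reviewed, as an added example (not code from this page or from Phil's write-up): download the script to a file once, compare its SHA-256 to a digest pinned after review, and execute that same file. The function names and the example.invalid URL in the usage comment are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: run a downloaded script only if the exact bytes on disk
# match a SHA-256 digest pinned after reviewing it. Names are hypothetical.
# Usage: fetch_verify_run https://example.invalid/install.sh <pinned-sha256>

# Print the SHA-256 hex digest of a file (sha256sum on Linux, shasum on macOS).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Return 0 only if file $1 exists and hashes to the pinned digest $2.
# Returns 2 for a missing file, 1 for a digest mismatch.
verify_script() {
    [ -f "$1" ] || return 2
    [ "$(sha256_of "$1")" = "$2" ]
}

# Download $1 to a temp file once, verify it against pinned digest $2, then
# run that same file. The shell never reads from the network stream, so what
# executes is exactly what was hashed.
fetch_verify_run() {
    url=$1
    pinned=$2
    tmp=$(mktemp) || return 1
    if ! curl -fsSL --proto '=https' -o "$tmp" "$url"; then
        rm -f "$tmp"
        return 1
    fi
    if verify_script "$tmp" "$pinned"; then
        bash "$tmp"
        rc=$?
    else
        echo "digest mismatch for $url: got $(sha256_of "$tmp")" >&2
        rc=3
    fi
    rm -f "$tmp"
    return "$rc"
}
```

To obtain the digest to pin, save the script with `curl -o`, read the saved file, and run `sha256_of` on it.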