Not saying you are wrong (you are not, you technically can download the script in one step, read it and then feed the local copy to bash) but someone posted a proof of concept a couple months ago that used user agent sniffing to potentially fool people into reading one thing and running another if they used the browser to read the source but curl to pipe the script into bash.
