I’m with you, OP. I’ll never blindly do that.

Also, to add to the reasons that’s bad:

• you can put restrictions on a single executable. setuid, SELinux, apparmor, etc.
• a simple compromise of a Web app altering a hosted text file can fuck you
• it sets the tone for users making them think executing arbitrary shell commands is safe

I recoil every time I see this. Most of the time I’ll inspect the shell script but often if they’re doing this, the scripts are convoluted as fuck to support a ton of different *nix systems. So it ends up burning a ton of time when I could’ve just downloaded and verified the executable and have been done with it already.

It’s just an API that allows a web page to draw in a box. The problem is, that for a bunch of technical reasons that I’m mostly not aware of, it can be used to fingerprint you.