When people say "curl|bash", this usually means secondary fetches, random system config changes, likely adding stuff to user's .bashrc

But it's not quite that bad in this particular case - they are fetching pre-built static toolchain, and running old-school install script, just like in 1990s. The social convention for those is quite safer.

(Although I agree, it is pretty ironic that they prefer this to using ppa or binary packaged into deb...)