I personally try and use my operating systems package manager for all applications (in this instance, dnf on Fedora). The moment you start adding a million repos, third party package managers, Flatpaks, Snaps, random curl install scripts, etc, it becomes extremely unmaintainable.
What happens if the curl application depends on openssl, maybe with a legacy or specific cryptographic function? I assume the curl script will either install the required version, or include the relevant libraries right? Now that is outside of the system package managers scope, meaning updating openSSL to avoid some vuln now requires extra work.
What happens when you go from Fedora 44 to 45? You should be checking all your applications are supported on whatever version or operating system you are running. There is a decently high chance you run into dependency issues when some lib version is updated.
Package Managers are (generally) more secure and simple to use for an end user (they are using the OS to begin with).
Curl scrips are easier for the software developers.
Understand that 99% are comfortable trusting downloads. They know that it's just as easy to sneak backdoors into source code as it is to sneak backdoors into executables.
99% of developers are most definitely not comfortable piping a script into the shell.
I would never runa script without reviewing it. I would install a package from a distros repository without reviewing the contents, however, because I can trust that a distro maintainer has reviewed it, that anyone else in the community can review it, and that that the bytes I'm downloading are the specific bytes I'm supposed to be downloading.
If you run a script off the open internet, you're being massively irresponsible. There are so many attack vectors that could be used here, and they are much easier to implement than something like the massive social engineering attack that was XZ.
Because then you can install it without depending on a package manager?