
If the source is known, it is not less bad than downloading a program and running it.




It is if the script is written badly, gets truncated while it's being downloaded, and fails to account for this possibility.

Look into tailscale's installation script, they wrapped everything into a function which is called in the last line — you either download and execute every line, or it does nothing.
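As an added illustration of the wrap-everything-in-a-function pattern described above (a constructed example, not tailscale's actual script), this compares a naive three-step "installer" with the wrapped form when each is cut off mid-transfer and piped into sh; it assumes a POSIX sh with dd and mktemp available.

```shell
#!/bin/sh
# Constructed demonstration (not tailscale's script): the same three-step
# "installer" written naively and wrapped in a function that is only called on
# the last line. Each is cut off mid-transfer, as a dropped download would be,
# and fed to sh; we count how many install steps actually ran.

NAIVE_SCRIPT='echo step1 >> "$LOG"
echo step2 >> "$LOG"
echo step3 >> "$LOG"
'

WRAPPED_SCRIPT='main() {
echo step1 >> "$LOG"
echo step2 >> "$LOG"
echo step3 >> "$LOG"
}
main
'

# run_truncated SCRIPT NBYTES: pipe only the first NBYTES bytes of SCRIPT into
# sh (the truncated download) and print how many steps wrote to the log.
# A syntax error from sh is expected for the cut-off wrapped script, so the
# pipeline's exit status is ignored.
run_truncated() {
    log=$(mktemp)
    printf '%s' "$1" | dd bs=1 count="$2" 2>/dev/null \
        | LOG="$log" sh >/dev/null 2>&1 || true
    wc -l < "$log" | tr -d ' '
    rm -f "$log"
}

# Cut both scripts off in the middle of the "step2" line (byte 30 of the naive
# script, byte 39 of the wrapped one, which has a 9-byte "main() {" prefix).
echo "naive, truncated:   $(run_truncated "$NAIVE_SCRIPT" 30) step(s) ran"
echo "wrapped, truncated: $(run_truncated "$WRAPPED_SCRIPT" 39) step(s) ran"
echo "naive, complete:    $(run_truncated "$NAIVE_SCRIPT" 9999) step(s) ran"
echo "wrapped, complete:  $(run_truncated "$WRAPPED_SCRIPT" 9999) step(s) ran"
```

The truncated naive script has already executed its first step before the cut, while the truncated wrapped script is an unfinished function definition that sh rejects without running anything.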


This "what if it gets truncated in the middle of the download, and the half-run script does something really bad" objection gets brought up every time "curl | bash" is mentioned, and it always feels like "what if a cosmic ray flips a bit in your memory which makes the kernel erase your hard drive". Like, yes, it could happen in the same way getting killed by a falling asteroid could happen, but I'm not losing sleep over it.

Serious question, why or how would a script get truncated when transferred over https?

Just living far from major datacenters is enough. I get truncated downloads pretty regularly, maybe a couple times a month or so. The network isn't really all that reliable when you consistently use it across the globe.

It usually happens on large files though, due to simple statistics, but given enough users, not hard to imagine it happening with a small script...


That's easily fixed by adding Content-Length headers.

You pull the Ethernet cable out before it finishes. Or your wifi router hiccups.

Wouldn’t the download terminate without emitting the script?

That's quite uncommon. Typically your distribution checks that the downloaded source/binary has the correct checksum and an experienced maintainer checked the (sandboxed) installation. Here someone puts an arbitrary script online that runs with your user's permission and you hope that the web page is not hijacked and some arbitrary dev knows how to write bash scripts.


