The article mentions that it catches wget | bash as well. I imagine it's due to the fact that bash's characteristic network signature is what they're really detecting, not curl/wget.
Node would be literally unusable if people read all the code they're installing and running. I personally wouldn't be able to use Deluge, Chrome, or VS Code every day if I did that.
At some point there's an element of just trusting software because lots of other, smarter people trust it. It's a terribly flawed system, of course.
Yes, precisely. Install software from verified sources (either signed packages or fetched from encrypted, identity-verified websites). Whether you use curl or not is irrelevant.
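As an added example (not code from anyone in this thread), the pattern the comment above points at in POSIX sh: save the script to a file, check it against a digest obtained separately (a signed release page, a package index, the project's own checksum file), and only then execute it. This is what "curl URL | bash" skips. The installer contents, the checksum values and the download URL are constructed for the demo; the curl flags and the sha256sum/shasum invocations are real.

```shell
#!/bin/sh
# Added example: download, verify, then run, instead of "curl URL | bash".
# Nothing below is from the article or the commenters; the installer body,
# URL and checksums are constructed so the script runs offline.
set -u

# download_to_file URL DEST
# Saves the response to DEST instead of streaming it into a shell.
# -f fails on HTTP errors, -L follows redirects, --proto '=https' refuses
# plain http even after a redirect; no -k/--insecure, so the TLS identity
# check stays on.
download_to_file() {
    curl -fsSL --proto '=https' -o "$2" "$1"
}

# sha256_of FILE: prints the lowercase hex SHA-256 of FILE.
# Uses sha256sum (coreutils) or falls back to shasum (macOS/BSD).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{ print $1 }'
    else
        shasum -a 256 "$1" | awk '{ print $1 }'
    fi
}

# verify_checksum FILE EXPECTED
# Returns 0 when FILE's SHA-256 equals EXPECTED (hex, any case), 1 otherwise.
verify_checksum() {
    actual=$(sha256_of "$1")
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    if [ "$actual" != "$expected" ]; then
        printf 'checksum mismatch for %s\n  expected: %s\n  actual:   %s\n' \
            "$1" "$expected" "$actual" >&2
        return 1
    fi
    return 0
}

# verify_and_run FILE EXPECTED
# Executes FILE with sh only after the checksum matches; on mismatch it
# returns 1 without running anything.
verify_and_run() {
    verify_checksum "$1" "$2" || return 1
    sh "$1"
}

# Offline demo with a constructed installer (no network needed).
# With a real download it would be:
#   download_to_file https://example.invalid/install.sh ./install.sh
#   verify_and_run ./install.sh "$(cat install.sh.sha256 | awk '{print $1}')"
demo() {
    tmp=$(mktemp -d)
    printf '#!/bin/sh\necho "installer ran"\n' > "$tmp/install.sh"
    good=$(sha256_of "$tmp/install.sh")
    bad=$(printf '%064d' 0)          # constructed wrong digest
    verify_and_run "$tmp/install.sh" "$good" && echo "accepted good checksum"
    if verify_and_run "$tmp/install.sh" "$bad"; then
        echo "BUG: ran with a bad checksum"
    else
        echo "rejected bad checksum, did not run"
    fi
    rm -rf "$tmp"
}

demo
```

A checksum only proves you got the bytes the publisher listed; it is as trustworthy as the channel the digest came from. Where the project signs releases, the same pattern applies with `gpg --verify install.sh.asc install.sh` against a key you obtained and pinned beforehand, which is the "signed packages" half of the comment.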