I wonder how many preinst/postinst scripts are being read by apt users prior to install/upgrade? These run as root, making them a bit worse than the typical curl|bash after all.