
I wanted to love Appsmith but I kept running into telemetry code, including a hard-coded segment id baked right into the base Docker image. Sorry, but I can't defend your business needs during security review.

For example: https://github.com/appsmithorg/appsmith/blob/8edb278b755cc5f...



Disclaimer: I'm the creator of Appsmith.

First of all, thanks for trying out Appsmith and doing a security review. The link you pasted is actually an outdated installation script that we used to use only for tracking if a user is facing errors during installation. This script was deprecated approx. 10 months ago. We should probably remove it from the code base as well to reduce confusion. Now, you can spin up a Docker container directly without having to go through any shell script.

Having said that, Appsmith doesn't track any PII data from an installation. Any & all telemetry within Appsmith is strictly opt-in. You can disable this as well when setting up Appsmith or any time afterwards. Please check https://docs.appsmith.com/telemetry#disable-telemetry for details.

We understand that security is paramount to users of Appsmith and thousands of teams use Appsmith to interact with sensitive data. Hence, we take data security very seriously. If you have any concerns about our security practices, I'd love to hear from you at security[at]appsmith.com. We will aim to fix any such concerns immediately within the product.



