But this technique lets you serve malicious code to a small number of people using curl|bash, rather than hosting obviously-bad binaries that anyone can inspect and call you out on. It also lets you target the attack to specific users or IP blocks.

The previous HN discussion said it better than I can: https://news.ycombinator.com/item?id=17636032