Users want an installer. You can see what the installers are doing by looking at the scripts in the repo (this is an open source project). Admin permission is necessary to write to the Global VST folder. You can direct your "Wow" at Steinberg if you want. The spec was recently updated to allow for a User install location which has been considered: https://steinbergmedia.github.io/vst3_dev_portal/pages/Techn...
> You can direct your "Wow" at Steinberg if you want.
Plenty of plugins just ship with a README and tell you where to drop em though! Even paid. So especially if it's OSS I don't think it's bad to require a bit of effort from the user especially if it takes unpaid time maintaining the installer wrapper. Thanks for the bundle link!
Of course it's more convenient. You just have to hope a hacker did not replace the link on their website to a modified version or not sneaked some code into their installer code through a dependency. Installer is basically root for free so it's very tempting.
If you don't want an installer, you can download the pluginsonly bundle on the release page and do it yourself: https://github.com/surge-synthesizer/releases-xt/releases