If the installer is a precompiled binary, not much, though this is mostly a Windows-ism these days.

If we're considering the same batch script: You can read it,it before running and be sure that the endpoint doesn't dynamically give you different results depending on how you fetch it.

In either case, the proposal here was flatpak, which does provide security benefits like sandboxing.