Rust is a language in active development, continually getting improvements and new features. Using Rustup is the best way of managing up to date toolchains (and multiple toolchain versions if you have to).
It's no harder than apt-get install, and sets the best practice early on so that someone doesn't get confused and have to switch later.
"curl | sh" is only an anti-pattern in the sense that you have to trust the source (and therefore "curl | sh" without https is bad). It gives exactly the same ability to execute arbitrary code on your machine as downloading an RPM/DEB does, or adding a vendor specific repo (e.g. Docker). Distro package repos probably have broader scrutiny of the contents of packages, but there are a lot of packages so how sure can you be?
I agree with your main point, but would like to add that apt does have additional signature verification with gpg, so it's a bit more secure than just https (e.g. anyone with access to a trusted CA and your network can mount an active attack against you).
HTTPS also doesn't guard you against someone replacing the binaries on the server (e.g. what happened to transmission). It also doesn't protect you from misconfigured corporate or state level MITM firewalls that don't check certificate validity.
HTTPS is intended for transport security. Using it for package authentication is generally a mistake. That's why most distributions accept the additional complexity of PGP instead of only relying on HTTPS.
It's no harder than apt-get install, and sets the best practice early on so that someone doesn't get confused and have to switch later.
"curl | sh" is only an anti-pattern in the sense that you have to trust the source (and therefore "curl | sh" without https is bad). It gives exactly the same ability to execute arbitrary code on your machine as downloading an RPM/DEB does, or adding a vendor specific repo (e.g. Docker). Distro package repos probably have broader scrutiny of the contents of packages, but there are a lot of packages so how sure can you be?