Security of Shell Integration and a Privacy Policy

Perhaps clicking "Install Shell Integration" shouldn't immediately start downloading and executing the above shell script, but there could be a warning dialog, something like:

Do you wish to download and execute: https://iterm2.com/misc/install_shell_integration_and_utilities.sh in the current shell?

I'd argue the .sh file should also be signed with something like a PGP key, and that signature could then be compared locally against the installed version. This would prevent potential man-in-the-middle attacks or server-hacking, causing malware being installed locally.

It would be great if there were an option to route the initial installation through a Proxy. The scripts and the initial installation call would have to be adjusted:

curl -L https://iterm2.com/misc/install_shell_integration_and_utilities.sh | bash

Alternatively, it might just be easier if the shell integration scripts were distributed together with iTerm2 via the same channel and simply pasted onto the open shell (since they're text files anyway)?

The other big question is: Could the Shell Integration leak IP or other personal data? It would be great if this were answered in the FAQ on the website.

This question is especially important for all those using VPNs or Tor. In your answer, you should also include whether you store logs for https://iterm2.com and what's your retention/privacy policy.