One thing that will become important pretty quick if you continue making these scripts is that it’s almost always better to wrap your variables in quotes - so it becomes
yt-dlp -x “$a”.
Oh man, this reminds me of the joke that any program that’s more complex than Hello World has bugs – and folks still don’t even agree how to spell “Hello, World!”.
Of course, Bash is a particular minefield in this regard…
Firefox Sync is end-to-end-encrypted. Mozilla cannot see your synced data.
Either way, I have no idea how this is supposed to happen without you entering your credentials into Firefox at some point. Even if Mozilla wanted to be sus, they couldn’t just guess which account is yours.
Are you using Firefox Sync with the same e-mail address? I believe, that all gets put into the same account system.
It’s mentioned as the second point in “But that’s not all…”:
An optional new login manager for Plasma
I mean, I typically see it used for installing applications, and so long as TLS is used for the download, I’m still not aware of a good reason why you should check the Bash script in particular in that case, since the application itself could just as well be malware.
Of course, it’s better to check the Bash script than to not check it, but at that point we should also advise to download the source code for the application, review it and then compile it yourself.
At some point, you just have to bite the bullet and I have not yet seen a good argument why the Bash script deserves special treatment here…
Having said that, for cases where you’re not installing an application, yeah, reviewing the script allows you to use it, without having to trust the source to the same degree as you do for installing an application.