"Avoid using Homebrew" is misleading

[quackerex]

Also avoid using Homebrew.

This referenced security issue only relate to homebrew casks

Note that Homebrew asks you to grant “App Management” (or “Full Disk Access”) permission to your terminal.

When you use Homebrew to install formulae (aka packages) Homebrew does not ask for that permission.
I think it should be paraphrase to "Avoid using Homebrew casks"

Regarding the security of installing Homebrew packages this section from their FAQ page implies some security measures by use of macOS sandbox.

Why does Homebrew say sudo is bad?
tl;dr Sudo is dangerous, and you installed TextMate.app without sudo anyway.

Homebrew refuses to work using sudo.

You should only ever sudo a tool you trust. Of course, you can trust Homebrew 😉 — but do you trust the multi-megabyte Makefile that Homebrew runs? Developers often understand C++ far better than they understand make syntax. It’s too high a risk to sudo such stuff. It could modify (or upload) any files on your system. And indeed, we’ve seen some build scripts try to modify /usr even when the prefix was specified as something else entirely.

We use the macOS sandbox to stop this but this doesn’t work when run as the root user (which also has read and write access to almost everything on the system).

Did you chown root /Applications/TextMate.app? Probably not. So is it that important to chown root wget?

[beerisgood]

Homebrew is a third-party package manager and thus increases the attack surface, so it is not misleading.

Users will not deal with homebrew so intensively, only to find out that individual aspects are more insecure than others. So it would be very negligent to recommend the program anyway.

[quackerex]

Homebrew is a third-party package manager and thus increases the attack surface, so it is not misleading.

I don't think this is issue isolated to Homebrew. Anything you install on the system will increase the attack surface.

I do believe Homebrew is secure option for installing packages. The alternative is using macOS installer packages(.pkg) which isn't great either. In my experience, updating them is cumbersome, runs with higher privileges and tend to pollute the system (but you can use application like suspicious package[not affiliated] know in advance where it is going to be installed).

Users will not deal with homebrew so intensively, only to find out that individual aspects are more insecure than others.

Fair enough.

[beerisgood]

I don't think this is issue isolated to Homebrew. Anything you install on the system will increase the attack surface.

Sure!

I do believe Homebrew is secure option for installing packages. The alternative is using macOS installer packages(.pkg) which isn't great either. In my experience, updating them is cumbersome, runs with higher privileges and tend to pollute the system (but you can use application like suspicious package[not affiliated] know in advance where it is going to be installed).

Both aren't good. Best for security is the AppStore.
Homebrew may be fine in certain scenarios, I just don't want to recommend a third-party "store" if there is a safer option.