Remote servers can change their payload depending on whether they detect curl used standalone or if its outputs are piped into bash.
The final advice:
The better solution is never to pipe untrusted data streams into bash. If you still want to run untrusted bash scripts a better approach is to pipe the contents of URL into a file, review the contents on disk and only then execute it.
This doesn’t apply to anything Whonix does as files downloaded are always verified before being read/executed.