In fact it goes further than that - pretty much every Linux package manager will refuse to even load packages from a repo unless the repo's PGP key matches up with the public key on your local system. You cannot add a new repo without adding the PGP key. If a malicious actor hacked the repo, they could not push out packages without also obtaining access to the private PGP key of the repo owner.
Windows users may be used to installing random executables, but Windows systems also tend to have a lot of malware. Linux has many extra layers of security vs Windows, which doesn't even have a package manager unless you install a third party one - same is true of macOS as well, if we're being fair.
Point is, when discussing Linux security, saying "but piping random scripts direct to bash with sudo is as secure as Windows" is basically the computing equivalent of "better love story than Twilight."
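As an added example that is not part of the thread (and not apt's or any distro's own code): the check the comment above describes, emulated with plain gpg. apt only trusts a repo's index after verifying the signature on its Release (or InRelease) file against the keyring the user installed for that source (the file named in Signed-By, or the keys under /etc/apt/trusted.gpg.d), and the Release file in turn carries the hashes of the Packages indexes, so someone who compromises the repo host but not the owner's private key cannot produce indexes the client will accept. The key owner name, the Release contents and the temporary directories below are made up for the demo; it needs GnuPG 2.1 or later on the PATH.

```shell
#!/bin/sh
# Added example, not from the thread: the verification step apt performs,
# done by hand with gpg. Hypothetical names throughout (Repo Owner,
# example.invalid, a constructed Release file).
#   signer/  the repo owner's private keyring (stays on the build host)
#   client/  an empty GnuPG home, like a freshly installed machine
set -u
command -v gpg >/dev/null 2>&1 || { echo "this demo needs gpg" >&2; exit 1; }

WORK=$(mktemp -d)
SIGNER="$WORK/signer"
CLIENT="$WORK/client"
mkdir -p "$SIGNER" "$CLIENT"
chmod 700 "$SIGNER" "$CLIENT"
trap 'gpgconf --homedir "$SIGNER" --kill gpg-agent 2>/dev/null; rm -rf "$WORK"' EXIT

# gpg invocations for the repo owner (unattended: empty passphrase, loopback pinentry)
sgpg() {
    gpg --homedir "$SIGNER" --batch --yes --quiet \
        --pinentry-mode loopback --passphrase '' "$@" 2>/dev/null
}

# 1. Repo owner generates a signing key and publishes ONLY the public half.
#    The exported binary keyring is what ends up in /usr/share/keyrings on
#    clients and is referenced by Signed-By= in the source entry.
sgpg --quick-generate-key 'Repo Owner <repo@example.invalid>' default default never
sgpg --export --output "$WORK/repo-keyring.gpg"

# 2. Constructed Release file: the index that lists hashes of the Packages files.
cat > "$WORK/Release" <<'EOF'
Origin: Example Repo
Suite: stable
Codename: stable
SHA256:
 5891b5b522d5df086d0ff0b110fbd9d21bb4fc7163af34d08286a2e846f6be03 73 main/binary-amd64/Packages
EOF

# 3. Owner signs Release with the private key -> Release.gpg (detached signature).
sgpg --armor --detach-sign --output "$WORK/Release.gpg" "$WORK/Release"

# Client side: verify a Release file against a given keyring and nothing else.
# usage: verify_release KEYRING RELEASE SIGNATURE ; returns gpg's exit status
verify_release() {
    gpg --homedir "$CLIENT" --batch --quiet --no-default-keyring \
        --keyring "$1" --verify "$3" "$2" 2>/dev/null
}

# Genuine index, key installed: accepted (exit 0).
check_genuine() {
    verify_release "$WORK/repo-keyring.gpg" "$WORK/Release" "$WORK/Release.gpg"
}

# Attacker with repo-host access edits the index (say, to point at a backdoored
# Packages file) but has no private key: signature no longer matches, rejected.
check_tampered() {
    cp "$WORK/Release" "$WORK/Release.tampered"
    printf ' e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 0 main/binary-amd64/Packages.xz\n' \
        >> "$WORK/Release.tampered"
    if verify_release "$WORK/repo-keyring.gpg" "$WORK/Release.tampered" "$WORK/Release.gpg"; then
        return 1   # must not be accepted
    fi
    return 0
}

# Client never installed the repo's key (empty keyring): even a genuine,
# untampered index is rejected, which is the "NO_PUBKEY" failure apt shows.
check_unknown_key() {
    : > "$WORK/empty-keyring.gpg"
    if verify_release "$WORK/empty-keyring.gpg" "$WORK/Release" "$WORK/Release.gpg"; then
        return 1
    fi
    return 0
}

if [ "${0##*/}" != "sh" ] && [ -z "${VERIFY_QUIET:-}" ]; then
    check_genuine     && echo "genuine Release, key installed:   accepted"
    check_tampered    && echo "tampered Release:                 rejected"
    check_unknown_key && echo "genuine Release, key missing:     rejected"
fi
```

Only the third check depends on the client's state; the first two depend on the signer's private key, which is the point the comment makes: stealing the repo host is not enough, the attacker also needs the key that never leaves the owner's machine. The same holds for InRelease (inline-signed) repos; only the file layout differs.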
Great addition, thanks.
Really interested to see if this changed @zuspotirko's mind