How are you confident the binary you install from the developer doesn’t contain a malicious payload?

The issue is not that pirated executables might contain malware, but that people don’t have a clue how to identify safe sources. As consumers we use corporate trust (reputable company). As pirates, we use social trust (scene, fitgirl, etc… Neither method discovers malware.