It is absolutely possible to know as the server serving a bash script if it is being piped into bash or not purely by the timing of the downloaded chunks. A server could halfway through start serving a different file if it detected that it is being run directly. This is not a theoretical situation, by the way, this has been done. At least when downloading the script first you know what you'll be running. Same for a source tarball. That's my main gripe with this piping stuff. It assumes you don't even care about the security.
At the end, in redirection, <<
: that's not how here-documents work. The example gives the impression it will read the given file up until "STOP", but in reality the shell expects you to keep writing your here-doc until you write "STOP" and then feeds it to the program as if it were all on stdin. I don't think wc even does anything with the stdin if you give it a filename...
Note that variable expansion will happen in here-docs, so it's a bit different than a simple cat
.
Also look into here-strings. And process substitution, I find that quite handy.