Comment by xiii1408

The install hooks are chrooted inside the pacman install directory.

But, yeah, they run as root, so they can still do damage.

My point was that the danger zone is when you trust the package, rather than when you run the PKGBUILD itself with `makepkg`. Of course `makepkg -i` runs both `makepkg` and `pacman` as root.