Well, the existing Linux package managers aren't really safer as far as the archive formats go; for example, .debs can run arbitrary shell scripts during installation. The main thing that seems to add to the safety is the social practice of grabbing debs via trusted repositories using apt-get/aptitude/synaptic, rather than manually downloading them from random sites and doing dpkg -i. But if there is malware, it's even worse, because at least these shar installers are usually installed as non-root, while installing a .deb needs root.
Commercial games with Linux versions often still use this (or a variant). Not too sure why; perhaps because it's the closest Linux equivalent to the self-extracting installer archives they use on Windows?
When dealing with users who may not be completely familiar with package management, and creating a single cross-platform package, it can be very helpful to prevent the data and its installer from being separated. It's a very simple way to bundle some logic with an archive as well, as the script can be modified after it is generated.
