Yes, this is very bad, worse than before. A software installer should NEVER download and execute some other software without asking and fully disclosing what it is doing. I do not want to have something download and execute, and only to hope that it does nothing to my system. Even if the software is trusted by the developers, the 3rd party could change this at any time without warning.
After the installer executes, the only way to stop it is to decline the license. We all know that most users will just click on buttons to make the dialog go away, and this kind of installer is preying on that fact.
The checkboxes in the previous versions were still a bit buried unless you stopped to read every little thing on the screen, and users complained about this a lot, but this new method makes it even harder to trust the project and its direction.
Here are the queries the installer makes:
Here's the opencandy web site: http://www.opencandy.com/
P.S. There also need to be options about creating icons on the desktop. Even the most minimal modern installers still include this as an option.