Composer - safer download, installation

- The official instructions are less risky than what we have now as they include an SHA check.
- Encourage people a little more strongly to install globally.
- Improved explanation of .phar archives.

_posts/04-02-01-Composer-and-Packagist.md

@@ -14,21 +14,19 @@ There are already a lot of PHP libraries that are compatible with Composer, read
 
 ### How to Install Composer
 
-You can install Composer locally (in your current working directory) or globally (e.g. /usr/local/bin, recommended).
-Let's assume you want to install Composer globally:
+The safest way to download composer is by [following the official instructions](https://getcomposer.org/download/).   
+This will verify the installer is not corrupt or tampered with.  
+The installer installs Composer *locally*, in your current working directory.
+
+We recommend installing it *globally* (e.g. a single copy in /usr/local/bin) – to do so, run this afterwards:
 
 {% highlight console %}
-curl -sS https://getcomposer.org/installer | php
 mv composer.phar /usr/local/bin/composer
 {% endhighlight %}
 
-**Note:** If the above fails due to permissions, run the `mv` line again with `sudo`.
+**Note:** If the above fails due to permissions, prefix with `sudo`.
 
-This will download `composer.phar` (a PHP binary archive). You can run this with `php` to manage your project
-dependencies.
-
-**Please Note:** If you pipe downloaded code directly into an interpreter, please read the
-code online first to confirm it is safe.
+`composer.phar` is a PHP [binary archive](http://php.net/manual/en/intro.phar.php). Like any PHP application, you can [run these](http://php.net/manual/en/phar.using.intro.php) with `php`.
 
 #### Installing on Windows