2
reCaptcha : that could be turned into a module, and hooks into the core. This might be difficult however.
Webinstall : if you want some security, you will need to devise a way to store hash signatures on a server, with the webinstall verifying if the signatures match before proceeding with the install.
Doing that might also give the impression to users that you vouch for the files that you distribute, making them come to you when a badly written module screws up their site, or makes it vulnerable.
Making XOOPS easier to install will lower the barrier, and will create an influx of users that in many cases don't have a clue what they're doing. The number of support requests will certainly rise sharply.
I'm not saying not to do it. Having an easy setup routine is great. XOOPS needs the resources (time, people and bandwidth) to make it work as smoothly and professionally as possible.