Yes, and it's pretty much harmless in itself, but since when does installing one package (esp. from a third party with no verification beforehand) install a new apt key into your keyring (thus allowing all packages signed by that key, no matter what they are) and reconfigure the package manager itself? It's ludicrous.
It's not a mistake: the development deb for Chrome did exactly this - installed the repository key and a cron job to "protect" the apt-sources entry. Of course it's not really doing this secretly, in that you can read about it in the post-install script before you run dpkg, but I agree it doesn't feel right.
Also, can't this be said of any package you install through the package manager? If you install it as root, then in principle you're giving root access to whatever is in the package. If you don't like it, there's always a way to run it with ordinary permissions (but the extra fiddling to get that working may be hairy) or under mandatory access control (definitely hairy).
If you run their code in any way you're already giving them control of your system. Even if you're one of the vanishingly small number of people who use a separate admin account they're getting full control of your account if they want it.
Installing a repo & apt key is a good sign that they're playing by the rules rather than trying something sneaky.
