It sounds to me like this is downloading the toolchain as though it were any other Go package and compiling it. I'm not sure it's downloading binaries, as the article suggests.
From the Go Toolchains documentation:
"When using GOTOOLCHAIN=auto or GOTOOLCHAIN=<name>+auto, the Go command downloads newer toolchains as needed. These toolchains are packaged as special modules with module path golang.org/toolchain and version v0.0.1-goVERSION.GOOS-GOARCH. Toolchains are downloaded like any other module, meaning that toolchain downloads can be proxied by setting GOPROXY and have their checksums checked by the Go checksum database."
Curious what your concerns are? As of Go 1.21 the toolchain will be fully reproducible [https://github.com/golang/go/issues/57120] and since the binaries will be distributed through the module system it'll be possible to verify that everyone is getting the same binaries. So you can be pretty confident you'll end up with the same bytes as if you downloaded the source and compiled yourself.
In principle, I like the idea of it. Whether or not it's a binary or source to be compiled locally is irrelevant, I suppose.
My concern is that it's not clear to me how this will look on my computer. Currently, I download the source tarball and build with the latest Go toolchain I have previously installed. I then change the path to point to the newly built toolchain.
So, in the future, what is it I'm downloading? How does the toolchain get updated exactly? Where does the new executable reside? What happens to the toolchain that I explicitly built and installed? How does Go1.21 change my path?
As I say, I like the idea in principle but there are details that I think are important, that don't seem to have been explained anywhere.
From the Go Toolchains documentation:
"When using GOTOOLCHAIN=auto or GOTOOLCHAIN=<name>+auto, the Go command downloads newer toolchains as needed. These toolchains are packaged as special modules with module path golang.org/toolchain and version v0.0.1-goVERSION.GOOS-GOARCH. Toolchains are downloaded like any other module, meaning that toolchain downloads can be proxied by setting GOPROXY and have their checksums checked by the Go checksum database."
I don't know for sure though.