Preferences:
AppStore for /Applications, then DMG/package as secondary
Homebrew for command line always
Homebrew cask as last resort
For apps that go into /Applications, I tend to use the AppStore (preference) or download the package/DMG. If the GUI needs to be in /Applications, I don't use homebrew.
If it's command line only, then it's homebrew all the way. I can't recommend it strongly enough. Btw, there may be some confusion in this thread. Cask is one of many sources for homebrew formula but, at least in my use case, every formula I need for homebrew is in homebrew core:
https://github.com/Homebrew/homebrew-core
(There's only one exception for me, and that that is ngrok v2, which is cask only.)
Homebrew is often an available option for developer-oriented packages. Of course, there are clickable packages to easily install node, python, and golang, for example, but I prefer homebrew because it cleans up past versions easily and makes it easy to use compile flags when necessary. And, they are command line apps, so that's all homebrew for me.
FWIW, in StackOverflow, there are often recommendations to use homebrew to manage versions ( especially alongside versions like older system python) of developer packages.
[doublepost=1484111835][/doublepost]
And cannot. What you refuse to answer is *why* Cask maintainers would be trusted to not introduce malware (or anything else)?
The overall cask software is updated regularly, ie. in the last day or so as of now.
https://github.com/caskroom/homebrew-cask
Most importantly, all of the formula are open source. That's not to say that the binary that they point to could be malware, buyer beware for sure, and caution is key. But where the formula points is open for anyone to see. And, if it's something like Atom editor, the formula includes the crypto hash too.
For example:
https://github.com/caskroom/homebrew-cask/blob/master/Casks/atom.rb