Not necessarily true.
ASF files can contain script commands that are run automatically by Windows Media Player (See: https://docs.microsoft.com/en-gb/window ... dfrom=MSDN). Even if such scripts can't do anything directly dangerous, they could still trick users into doing something dangerous. One example is described here: https://isc.sans.edu/diary/Scripts+in+ASF+files/4355
A more common risk with downloaded audio files comes from the fact that Windows and macOS hide the file extension by default, thus an executable file can be made to look like an audio file:
"Rare recording.mp3.exe" may look like "Rare recording.mp3"
Given that many people play audio files by double clicking on the audio file, there's an obvious danger.
Having said that, I think there are more likely reasons to not download files directly into Audacity.
- Whereas a music player can start playing a file before it has finished downloading, it would be a fatal error if Audacity tried to apply an effect to a file before the download completed.
- Normally Audacity works on a copy of the file that is being edited. This adds a level of safety in that no matter what goes wrong, the original version of the imported file is not affected. This would not be the case when downloading directly into Audacity. Say that you had just bought an album from Amazon and downloaded directly into Audacity, then for some reason Audacity crashed. You could potentially lose your one and only copy of the album, and would have to buy it again. (No doubt you would download it safely the second time before importing it into Audacity - but better if you had done that the first time).
- Audacity does not act directly on audio files. Audacity acts on blocks of 32-bit audio data (called "blockfiles") that have been recorded or copied from a file. Audacity would still need to copy the audio data and convert it into "blockfiles" before it could be worked on.