Here is another reason to NEVER download commercial (paid) software from a torrent or third party download site. In the case of Joomla extensions if you do so you are may be opening up a secret backdoor for the bad guys to hack into your system.
Take for example the case of one of my favorite Joomla extensions, the Perfect Ajax Popup Contact Form by Perfect-Web. It's an awesome contact form with tons of features and spam protection built in. The thing is that they recently discovered that some people are sharing/stealing their code via BitTorrent and other warez type sites. This illegally shared code contains a back door that can allow a hacker to get in and take control of the whole site.
This even applies to freeware and shareware titles as well. While getting a full blown back door in a download is rare, even respected software distribution sites like SourceForge are now in the news for bundling other kinds of crapware along with the installers for thousands of popular pieces of free or shareware. Have you ever downloaded a piece of software, installed it, and then discovered you have a new crappy toolbar in your browser? This is how the legitimate download sites make their money to provide access to the software downloads, but their attempts to squeeze a few bucks out of their visitors has gone so far to the extreme that even Google red flagged them for a time, and those using Chrome browsers got a seriously scary message advising people not to go there to download software at all.
So to make a long story short, do your best to never download software from anyone other than the original creator or vendor. In the case of Joomla extensions search first on the JED site and then download the software directly from the original creator. It's just plain safer that way and will probably save you tons of money in the long run since you won't have to pay someone like me after the fact to come in and fix your hacked Joomla system.