Yes, I use Opera, but only for download. I never realized that this behavior is caused by the browser and not by the installer.

Seems like this is supposed to be some sort of protection against DLL-injection attacks, but the way it is implemented is dumb and totally unnecessary in 99%:

To my understanding a dll injection attack can only be prevented using this measure if there are dll files in the same directory as the exe-installer.

Are you using the Opera browser? It seems to be an Opera issue:
https://forums.opera.com/topic/15301/scoped_dir-folders-in-downloads-directory

When executing the WinSCP installer it always creates a temporary folder like scoped_dir13440_1140471795 in the current folder with files in it that is never cleaned-up.

It would be nice to configure the installer to not dump files in the local directory (temporary files should better be saved to the %TEMP% directory where Windows can delete them automatically) or at least clean-them up after installation finishes.