I think an important corollary is that if a binary is signed and does turn out the be malicious, there's a path to comeback on whoever submitted it. The signing/notarisation process creates a chain of responsibility.