I hate this reliance on these things. Why not use GPG signatures like linux does in a repository? I hope I see the day (and soon) where something better than CA's starts getting used.
That's why I don't rely on digital signatures in order to decide whether some app is trustworthy or not. It's all about behavioral monitoring.
Never trusted them (ds), so I am fine. I hate that EAM puts so much trust in them. Now, Appguard gives you the option to use them or not.