[__d]

Code-signing, performed by the developer, means the application can be checked for corruption (and to a degree, that the developer has an ok status with Apple).

But it doesn't indicate that the application has undergone Apple's review process. For that, you'd need a separate signature, signed by an Apple-owned private key rather than a developer key.

I'm not actually advocating this, just pointing out that it would provide the same security as the review process does now, without the need to download apps only from the AppStore. And so ... Apple's "but the security" argument is rubbish.