You’re being disingenuous here. Of course malware slips through the review process, but it definitely catches more than it misses. Additionally, it serves as a deterrent to malware authors to seek softer attack surfaces.
Having more stores won't open up anything. A user will still have to install them. And I'm sure they would implement their own process. Fdroid for example, compiles everything going through there