Hacker News
by threePointFive 748 days ago
I don't develop for Mac, so I'm probably missing something important here, but what is the point of code signing if the owner of the signing key isn't publicly verifiable? Is there not a chain-of-trust back to Apple that can be used to determine who requested the signing key?
1 comment

There is, kind of. Each developer is identified by a “team ID”, which appears in the Common Name of these certificates. Apple does some validation of the developer’s legal entity, similar to EV SSL.
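The check a practitioner would actually run, as an added example that is not part of the thread: verify the signature and its chain with codesign, then read the Team ID out of the leaf certificate's subject (it appears both in the OU and, in parentheses, in the CN of a "Developer ID Application: Company (TEAMID)" certificate) and compare it with a value you obtained out of band, such as one the vendor publishes. The Team ID by itself only tells you which Apple developer account signed the binary, not who that account belongs to, so the comparison is the point. The sample subject and codesign lines below are constructed, not captured from a real binary; `inspect_binary` assumes a Mac with codesign and openssl on PATH, and the path passed to it is hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Reads the Apple Team ID from a
# macOS code signature and checks it against an expected value.

# Extract the Team ID from an openssl-style subject line. The OU holds the
# Team ID; spacing differs between OpenSSL versions ("OU=X" vs "OU = X").
# Assumes the usual 10-character alphanumeric Team ID format.
team_id_from_subject() {
    printf '%s\n' "$1" | sed -n 's/.*OU *= *\([A-Z0-9]\{1,\}\).*/\1/p'
}

# Extract the Team ID from `codesign -dv --verbose=4` output, which prints
# a "TeamIdentifier=..." line (on stderr) taken from the signature.
team_id_from_codesign() {
    printf '%s\n' "$1" | sed -n 's/^TeamIdentifier=\(.*\)$/\1/p'
}

# 0 if the observed Team ID is non-empty and equals the expected one.
check_team_id() {
    expected="$1"; observed="$2"
    [ -n "$observed" ] && [ "$observed" = "$expected" ]
}

# On a real Mac: verify the signature and chain first (an unsigned or
# tampered binary fails here), then dump the leaf cert and read its subject.
# codesign writes codesign0 (leaf), codesign1, ... into the current
# directory, so run it in a scratch directory inside a subshell.
inspect_binary() {
    bin="$1"
    codesign --verify --strict "$bin" 2>/dev/null || return 1
    tmp=$(mktemp -d) || return 1
    subj=$(cd "$tmp" \
        && codesign -d --extract-certificates "$bin" 2>/dev/null \
        && openssl x509 -inform DER -in codesign0 -noout -subject) || return 1
    team_id_from_subject "$subj"
}

# Constructed sample data (hypothetical vendor "Example Corp", Team ID
# ABCDE12345); not real output captured from a binary.
SAMPLE_SUBJECT='subject=UID = ABCDE12345, CN = Developer ID Application: Example Corp (ABCDE12345), OU = ABCDE12345, O = Example Corp, C = US'
SAMPLE_CODESIGN='Identifier=com.example.app
Authority=Developer ID Application: Example Corp (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=ABCDE12345'

# Usage on a Mac (hypothetical path):
#   inspect_binary /Applications/Example.app/Contents/MacOS/Example
# then compare the printed Team ID with the vendor's published one:
#   check_team_id ABCDE12345 "$(inspect_binary /path/to/binary)" && echo ok
```

The `--verify` step matters: `codesign -d` will happily print a TeamIdentifier from a signature whose chain does not lead back to Apple, so read the identity only after verification succeeds. For the Gatekeeper view of the same question, `spctl --assess --type execute -vv <path>` reports the signing origin as well.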