Sorry, I'm replying a bit late, just saw this. Signing is not a must but unsigned executables trigger Defender's warning screen way more easily (always in the beginning) and users have to define it as an exception to explicitly run the app. Signing the binaries does not guarantee that no warning is triggered but they help making the screen go away. It depends on the certificate. The most expensive certifications, EV certificates, will allow users to run the binaries as a trusted binary without warning screen but they require very extensive org authentication.

Some companies go with unsigned binaries but it's not recommended. It's hard to quantify how many users are lost with unsigned executables, and probably depends a lot on the area. For example, I've noticed that many small producers of audio plugins don't sign their installers and customers don't seem to care much. However, most normal end consumer software is signed at least with OV certificates.

See [1] for more info.

[1] https://www.reddit.com/r/electronjs/comments/17sizjf/a_guide...