OK, I looked into this further, and while the cost of code signing is slightly less than I thought, it's still more than Blitz3D is likely to make over the rest of its entire lifetime so it's still impractical. In fact, it's likely to be impractical for a ton of open source software unless it becomes very cheap or free.
As far as I can work out, MS don't make any money out of the system (above board anyway) so it feels slightly less protection rackety to me now. Although, still, it feels kind of 'off' to me that signed software gets treated differently by virus checkers, like sneaking the bouncer a tenner to get in the door or something!
There are apparently moves afoot to offer free or at least cheap certificates for open source software (similar to how 'LetsEncrypt' offers free certificates for websites, like mine) so maybe one day signing could make sense for things like blitz3d, but not yet.
I do think my releases would benefit from adding a hash/checksum, as there's currently no way to tell if the download is being corrupted 'in transit' after it left my computer. And who knows, maybe this is already happening with some of the MS Defender alerts? I guess 'signed' software would at least get picked up if something tried to infect it, but blitz3d wouldn't.
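The release checksum idea from the post above, worked through as an added example (not code from the post or from Blitz3D): publish a SHA256SUMS-style file for the release, then have the downloader recompute the digest and compare. The archive bytes and file name are constructed stand-ins.

```python
import hashlib
import hmac

# Constructed stand-in for a release archive (not real Blitz3D bytes).
RELEASE_FILES = {
    "blitz3d-release.zip": b"PK\x03\x04" + bytes(range(256)) * 4,
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def publish_checksums(files: dict) -> str:
    """Build a SHA256SUMS text ('<hex>  <filename>' per line), the same
    layout `sha256sum -c` accepts, so users can verify with stock tools."""
    return "".join(f"{sha256_hex(data)}  {name}\n" for name, data in sorted(files.items()))


def parse_checksums(text: str) -> dict:
    """Map filename -> expected hex digest; tolerates sha256sum's '*' binary marker."""
    sums = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, rest = line.partition(" ")
        sums[rest.strip().lstrip("*")] = digest.lower()
    return sums


def verify_download(name: str, data: bytes, checksums_text: str) -> bool:
    """True only if the downloaded bytes match the published digest.
    Note: a checksum hosted next to the download catches accidental corruption
    in transit; it does not prove who produced the file, which is what a
    signature adds, so publish the sums somewhere the user can check independently."""
    expected = parse_checksums(checksums_text).get(name)
    if expected is None:
        return False  # unlisted file: nothing to compare against, treat as unverified
    return hmac.compare_digest(sha256_hex(data), expected)


def corrupt(data: bytes, offset: int) -> bytes:
    """Simulate in-transit corruption by flipping a single bit."""
    buf = bytearray(data)
    buf[offset] ^= 0x01
    return bytes(buf)


if __name__ == "__main__":
    sums = publish_checksums(RELEASE_FILES)
    good = RELEASE_FILES["blitz3d-release.zip"]
    print(verify_download("blitz3d-release.zip", good, sums))                # True
    print(verify_download("blitz3d-release.zip", corrupt(good, 100), sums))  # False
```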