Sure, when you've never experienced the need for anti-malware, it all seems like an annoyance. Similarly, once you've experienced the pain and frustration of malware, and the time it takes to rebuild, then suddenly security becomes important.
xLights HAS a solution to making the releases trustable ... and it's a well understood process. Releases must be digitally signed, to provide a digital identity for the software and provide evidence that the software is what the author intended to provide. This also allows some level of trust to "carry over" between versions, because it's tied to the same identity. The digital signature also provides users with the ability to know that the software hasn't been changed since it was signed (including after download), which provides additional protection. Digital signing of releases is a strong indication of a software's maturity.
I do wish that the process of securely signing software (both the binaries and the installers) was much easier, and especially wish that popular open-source programs had available a way to digitally sign at zero/low cost.
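The properties described in the post above (one publisher identity carrying over between versions, and detection of any change after signing) can be seen in a small added example; it is not part of the original post and is not xLights' own release process. It assumes the `openssl` CLI is installed, and uses throwaway RSA keys and constructed file names as stand-ins for a real code-signing certificate and real installers.

```shell
#!/bin/sh
# Constructed demo: keys and "release" files are throwaway stand-ins.
set -u

# make_keypair PREFIX -> PREFIX.key (private) and PREFIX.pub (public)
make_keypair() {
    openssl genrsa -out "$1.key" 2048 2>/dev/null &&
    openssl rsa -in "$1.key" -pubout -out "$1.pub" 2>/dev/null
}

# sign_release PRIVATE_KEY FILE -> writes detached signature FILE.sig
sign_release() {
    openssl dgst -sha256 -sign "$1" -out "$2.sig" "$2"
}

# verify_release PINNED_PUBKEY FILE -> exit 0 only if FILE.sig was produced by
# the holder of the pinned key AND FILE is byte-identical to what was signed.
verify_release() {
    [ -s "$2.sig" ] || return 2   # a missing signature is a failure, never a pass
    openssl dgst -sha256 -verify "$1" -signature "$2.sig" "$2" >/dev/null 2>&1
}

check() { if verify_release "$1" "$2"; then echo ok; else echo rejected; fi; }

demo() {
    d=$(mktemp -d) || return 1
    make_keypair "$d/publisher" || return 1   # the project's signing identity
    make_keypair "$d/other" || return 1       # someone else's key
    printf 'release 1 bytes\n' > "$d/app-v1.bin"
    printf 'release 2 bytes\n' > "$d/app-v2.bin"
    printf 'lookalike bytes\n' > "$d/app-v3.bin"
    sign_release "$d/publisher.key" "$d/app-v1.bin"
    sign_release "$d/publisher.key" "$d/app-v2.bin"
    sign_release "$d/other.key" "$d/app-v3.bin"

    # The user pins publisher.pub once; every later release is checked against it.
    pin="$d/publisher.pub"
    r1=$(check "$pin" "$d/app-v1.bin")
    r2=$(check "$pin" "$d/app-v2.bin")        # same identity, new version
    printf 'x' >> "$d/app-v2.bin"             # modified after signing
    r3=$(check "$pin" "$d/app-v2.bin")
    r4=$(check "$pin" "$d/app-v3.bin")        # validly signed, wrong identity
    rm -rf "$d"
    echo "v1=$r1 v2=$r2 tampered=$r3 other-key=$r4"
}

demo
```

The last case is the one a plain checksum comparison misses: the file is intact and carries a valid signature, but not one made with the pinned identity.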