This looks like a pretty big security hole:
Wired said:Malware Has a New Way to Hide on Your Mac
... "Once you have opened an app, you will never get a code signature check ever again on macOS," Reed says. "So even if it has been maliciously modified or damaged and the code signature is invalid, the OS will not check it again. That provides a big open window for malware persistence. If the malware can infect some of your apps that are already on disk then it can get in there and stay hidden—you’ll never think to look for it there and it can run in the background without you being any the wiser." ...