Second, Claymore miner's .exe file was never signed. How come respected developer didn't sign his product? I make life easy for you and answer - because Claymore didn't want to reveal himself and you have to give out all of your personal info to get personal certificate.
I think you are correct in this regard. Because for years I have been bugging Claymore to sign his executables because I never liked those free hosts where he kept posting his software. Most crypto products are almost always signed in some way to prevent virus and malware from spreading and usually the first thing you do before you install a new piece of crypto software is verify the authenticy first.
Claymore never posted any signed software or even a simple SHA256 hash. I would have to hash the executable and ask him, "does this verify" and only then he would say it does. And I always found it very strange.
What is strange is that he could of just posted some SHA256 sums and it would of been sufficent. He didn't need to sign an actual certificate.
Probably he trusted himself and mega.nz and he was thinking that it's enough for not using hash sums, like if link to his miner was posted by him at his topic, and that link was same as before and leads to mega.nz, it means everything is okay. But I agree, SHA256 should be used.