If you compile me a simple hello, world executable for AppleARM and send it to me via email, if I tried to run it, I wouldn't be able to. No matter how hard I tried. The OS will tell me I cannot. Just like on the crippled Windows RT platform.
This differs from standard Windows and other "open" platforms by the fact if you compile me a simple hello, world executable for ARM (or x86) and send it to me via email, if I tried to run it, I would be able to. Frankly since Windows Defender and XProtect are only concerned with detecting cracks and pirate software, they wouldn't even alert me when launching your software.
This has very little to do with Defender and things like that, and more to do with signing certificates as seen on consumer iPhones, forcing users to access software from Apple's central app store and not correctly through the 3rd party vendors official website.
For example, with this in place, it would be impossible to deploy your software to an offline ARM-based Mac for example. Making this whole ecosystem unsuitable for professional or corporate computing.