I wonder if certificate signing really is the solution, do we have any definitive knowledge that it is? If so, I understand the intention, but really don't agree with the methodology. As the recent rash of compromised CAs has shown, this is hardly an effective security measure. What good is "trust" when the trusted parties don't care enough to implement proper security on their trust-granting systems?!
The idea of offering certification assistance to freeware authors who host their stuff here is interesting and worth further consideration I think.
Btw wraith, I do think they flag exes specifically with this, so your downloads probably weren't triggered precisely because they're zips. This is not an antivirus scan being run by IE, it's pattern matching, with exe as a likely component that increases risk assessment. Scanning inside ZIPs probably isn't done. That job is really up to your antivirus.
Edit: Ran some tests, interesting results. A download of one of Skwire's programs from here in ZIP format did not show the same message. A download of Terragen in MSI (installable) form from planetside.co.uk also did *not* trigger the message. To the best of my knowledge the Terragen installer is not signed, but it's also not an EXE. It may also be more popular than FARR, though that's debatable.