That's only if it's in the Mac App Store. You can still sign an app (or in this case, a packaged script).
ETA: The malicious kill-switch obviously works on all apps, App Store or not -- but I'm unaware of any non-MAS app ever being "kill-switched" because of a customer dispute.
ETA: The malicious kill-switch obviously works on all apps, App Store or not -- but I'm unaware of any non-MAS app ever being "kill-switched" because of a customer dispute.