The pre-built Windows and macOS binary releases that we ship are very hard to use because they are unsigned, so these systems will block their execution by default. Things are now even worse as we ship various libraries due to SDL2... and these cause macOS to raise warnings for every single library. I'm not sure how we could sign the binaries, but it should be done.

For those reading, note that the binaries are built via GitHub Actions so you can audit how they are put together by looking at the scripts under .github/workflows/ and the logs for the corresponding run.