"I'm sure they can, but what about the smaller and less well funded projects? What about derivative releases of a bigger project?"
Whilst I don't want to trivialise costs for anyone, a project has to become pretty small before getting your code signed becomes a relevant part of your costs. I looked up the cost with StartCom and they sell a certificate you can use to sign code for US$59. And just to be clear, you can sign as many programs and versions of programs as you like with that. Anyone releasing software that finds that significant will just have to accept the warnings, I would guess. It might be a shame, but digitally signing code is a good thing to have as an industry standard. So basically, my answer to your question about smaller and less well-funded projects is that these will be fine too.
"but as others have said this system offers no real protection in that users will probably continue just to click 'yes'"
If signing software to be installed is the default (as it will become), then unsigned code really will stand out and will therefore more likely make users think.
"Those who release the nasties will find a way to sign their code, and the cycle of catch-up will continue."
Some will, but signatures will get revoked and revoked fast. Repeatedly. Not only that, but when a piece of malware has been signed, registered to a company, then you can quickly check all the other things that company has signed. You say "will find a way to sign their code", but if you're having to go through a whole new registration process as a new company / individual and are required to pay a new fee every single time Kaspersky Labs or MS or whoever notices and reports your latest malware, that rapidly becomes a real nuisance. Which would you rather?
"In fact, from where I'm sitting, the only one who stands to gain is MS by pushing more of the smaller devs towards the Metro store"
I think smaller devs will already gravitate toward the Windows Store. They want the advertising, the security, the streamlined way of getting paid and handling licences and hopefully the reduced piracy. I don't think this will be a factor one way or another. I mean, if you feel that Windows Store isn't the best fit for your business model, paying US$50 is unlikely to tip the scales toward it, imo.