"Why don't all browsers run the checksum for whatever they just downloaded past VT before committing the save? Aware you can get various extensions and such, but even so.. it seems like such a minor thing to add."
Probably because this would be a huge privacy concern.
There are several websites where you can upload a hash and it will show you what the hash correlates to in it's database.
These antivirus companies can positively identify what a user is downloading by the SHA/MD5 sums and share what it is the user just downloaded (along with the users IP address and browser fingerprint) and passes this info along to it's affiliates (IE: Facebook, Experian etc.)
Starting to understand the privacy risks now?
Same thing goes for Google's Safe Browsing and others that collect the users web browsing history.
Google has partnered with ESET in it's Chrome browser for another example.
ESET is a cloud based antivirus/security company from a foreign country that isn't held to the same laws as the US or UK.
(Just like almost all the AV engines on Virus Total)
This is much more of a cocern.