The threat is that if you sign malware with your name you will be quickly connected with said malware. If you don't live in a country that turns a blind eye to cyber crime that is a quick ticket to jail.
Of course people stealing other people's signing keys is an issue. But EV code signing certificates are pretty well protected (requiring either a hardware dongle or 2FA). It's not impossible for a highly sophisticated attacker, but it's a pretty high bar.
What threats are those? Where are all the people going to jail for falsely signed software? The stuxnet authors seem to be in the wind.