It isn't just notarization, it is also that notarization requires app hardening which has very strict rules. Shipping an app with 3rd party binaries that supports older versions of macOS is especially tricky to get right.

Also using direct distribution you have to deal more with Gatekeeper.

One particularly fun issue is that if you distribute your app as a zip and a user downloads (to their standard ~/Downloads/ folder) and runs it, then Gatekeeper will use path randomization (aka app translocation), which effectively makes the app look like it is on a read-only volume. Older versions of the sparkle update framework would not show update prompts if on a read-only volume (as what's the point?), and therefore if a user continued to run an app from their downloads folder they would never get updates!

Apple made this change without informing any developers that their users could be left behind for a while. I imagine this security feature prevented users from getting many security fixes.

The way to disable the app translocation is to have a user manually drag the app to their Applications folder, which is why so much software is distributed in DMGs now with the Applications folder symlink.

Apple tries to hide the option, but you can still run non-notarization software on a Mac. The first time you run the application, open in from the right click menu. It'll give you a warning, and if you select OK it'll run. After that you can just run it by double clicking like normal, and it won't warn you.