No warping going on.
You said “But if you have a cached OCSP response for the cert of a malware author, then you've already launched their app, so it's probably too late.”
I.e. once you have launched the app, the damage is done.
This is not the case, and the Zoom situation is a clear counterexample. Even if a problematic app has been launched one or more times, it is still worth preventing subsequent launches if you can.
It doesn’t matter what mechanism is used to prevent the subsequent launch. This applies to any mechanism, including OCSP. The Zoom example is a refutation of the particular point you made, a point which dismisses a real security concern.
It demonstrates that there is value in Apple having the ability to prevent harmful software from running, no matter how many times it has already been run.