Yes, some additional risk comes of certain avenues of malware [1] comes with decentralization. However I really want to emphasize that the risk in an optional-non-central-source scenario is not at all the same as what exists on the PC, and in turn any risk must be weighed against the direct harm that centralized censorship is already doing. First, in the scenario I'm describing everything is still signed, potentially even with an Apple-based PKI type cert. Allowing owners to have their individual cert signing for their devices isn't the same thing as giving them root or jailbreaking, while certain restrictions of Apple's are non-technical (like private API usage) a lot of jailing can be enforced by the OS. With trusted authorization and data input paths going through an HSM in iOS, an owner key does not mean any software can run willy-nilly, and the scope for malware is limited outside of security vulnerabilities that may exist anyway [2]. There is still a trust infrastructure available, and in turn the ability for alternate App Stores to have reputations of their own (and for owners to get extra warnings, do revocations, etc). Apple could still themselves issue blacklists against malware (with user control). Etc etc. Ubiquitous hardware backed signing infrastructure required for running software throughout the device offers a lot of anti-malware options regardless of whether Apple alone owns the device keys.

Users would also simply face a much higher barrier of entry to running malware. If it costs money, any money, to get an owner cert and requires any hoops then social engineering becomes significantly harder. Apple does in fact cover most of the needs in their App Store, so going outside of it would still be something unusual. With the right UX and possible dual requirement for developer signing as well, users might simply themselves (or with a technical friend) side load one single app like Skype and otherwise not bother. Apple has a number of levers to better push non-technical users in that direction too.

FWIW you didn't mention it but I will touch on piracy since that's a material concern for Apple and devs too: without getting into the weeds on effectiveness of DRM and specifics of implementation, I don't see why a device that allows running non-App Store software couldn't still effectively deny running something that's available directly in the local regional App Store itself (options for official/unofficial non-App Store offerings would be possible too, that'd be a business decision for Apple).

In short I don't discount that, amongst the entirety of Apple's user base, there might well be some users who'd experience some level of harm from a decentralized option, no matter how it's implemented. But at the same time there are definitely a lot of owners who are experiencing harm from present situation right now. Theoretical maybe harm shouldn't entirely distract from existing proven harm. I think the tradeoff of Apple giving up some control (and in turn responsibility) there would be worth it for all involved (except oppressive governments).

----

1: In a discussion of government actors it's worth considering whether in a centralized scenario could Apple be ever be pressured/legally ordered to deploy malware directly, but that doesn't diminish the primary threat of malware being from private/foreign sources.

2: If anything I'd expect vulnerabilities appearing in general malware would accelerate their patching vs the present 0-day market where they're sold for a lot of money for use mainly in APTs.

https://news.ycombinator.com/item?id=15747519