I am guessing that unlike wallets which keep private keys, most people run the software on a dedicated mining rig which does nothing but mine. So there are no private keys or anything. However there are people that mine with their personal computer that they use on a daily basis and they would like assurances that its not malware.
That is true. When the news came about the wallets being malicious at getmonero website. I was really concerned as I just set up the wallet hours ago in my personal rig with Ryzen 1700 to be ready when the algorithm transition hits. I was safe as I downloaded the binaries directly from the GitHub page and the hash matched but I cannot imagine how much damage it could have caused instead.
For some weird reason, many of the miner software almost never has any type of checksum or signatures available. Its been like this for years and no idea why. It looks like you were provided the checksum for XMRIG however many software like Claymore's is never available.
I've posted this on the official Claymore threads and I kept telling the guy to "Please post checksum or your signature so we can verify the download". And he usually never replied to my post. It became an issue because his downloads started getting flagged as viruses and you couldn't tell if it was a false positive or not. But he still wouldn't post the checksum. No idea why.
I hope that everyone does follow this whenever they upload their new software may it be a miner, an OS image or anything as it makes it so much easier to verify that you have the authenticate file and also to download directly from GitHub or compile the software on your own.