
I don't know how much weight such warnings will hold, given how well we know people ignore cookie warnings and the rest...


Look at the number of non-technical end users who will determinedly download .EXE files, or run them from their mail client, and click through all of the Windows 10 "do you really want to run this untrusted software?" warnings in order to successfully install cryptolocker-type malware on their computers.

If you give people a way to click "yes/accept/run" and they are determined to accomplish what they think is their intended task, they will just blow through any warnings.


You don't even need to observe the average end user. Just look at software developers aka "technical experts" using npm, NuGet, Maven, and all the other package managers. Digital signatures? Nope, just run the code on your machine, please. Bonus points for allowing code execution in user context to "configure" the package and placing executables in $PATH.

npm here being exceptionally secretive on what it will install as dependencies, as it can reach tens of thousands of packages very quickly.


There are ways to do it properly, e.g. how Chrome lets you bypass HSTS by typing "badidea".


The Keybase warning is particularly scary. I don’t think it’s fair to compare it against a cookie warning.

