Well of course it can be bypassed, but it certainly doesn’t “step in” at some point either as was suggested. It blocks all unsigned binaries regardless of any damage they’ve caused.

Though this morning I realized I misunderstood the point of the grandparent here. He was saying you can have a signed binary that is still malicious. I thought they were talking about what apple does in the case of unsigned.