Not really. The point of origin is the private key, which does need to be protected. Lack of identity verification might make key revocation/rotation more difficult, but identity is not really permanently coupled to the keypair. If that were true then why is the only thing stopping me from circulating self-signed certificates with bogus info the lack of a CA signature?
Well, that's the whole point, windows doesn't accept self-signed certificates. It has to be signed by a CA. And to know you are executing the code from the original developer as opposed to some repackaging by a malware, you need to be able to observe the identity as stated by the CA, and it has to be meaningful to you (a function in the browser performed by you having typed the domain name of the website).
If anyone can get a certificate from a reputable CA under the name of Microsoft Inc, then how do you know you are executing guenine Microsoft code? You don't have the public key of every reputable developer installed on your machine, and the CA won't check for reputability or malware, just that the identity is who the certificate claims it is.
