Accepting Self Signed warning dialog should require multiple clicks.
Users should still have the option of always trusting that signature + location combination but for self-signed applications this option should be hidden either by a fold, or in a secondary window.
The user would have to select the checkbox to enable the "Run" option.
Clicking "Show Options", either on the text or in the triangle next to it, would expand the window and show the option of always trasting apps signed with that certificate if they originate from the same location.
See this presentation on the need for this fix and proposed designs:
Based on PRD item