I don’t know the answer to that but a quick search shows lots of examples of people complaining that their developer certificate has been revoked, demonstrating a willingness by Apple to revoke certificates if they believe the developer violated their terms of service. I doubt Apple would go out of their way to include language in the agreement that binds developers to their own sanctioned platform if they didn’t intend to enforce it.
I would wager all of those are distributing malware.
I would take that wager. I highly doubt Apple’s revocation team has a 0% false positive rate.
I agree, but I think a better wager (and what GP probably meant) would be that all of these developers had their certificates revoked because Apple thought they were distributing malware. That's what the system is for.