FWIW: Code signing, IMHO, isn't (yet) so oppressive that it's not feasible for an independent freeware author to get a signed cert. If you are an author of freeware, and it is e.g. under a license like the GPL, LGPL or MIT freeware licenses, there are many cert. authorities who will sign your software for free. At least, that was the situation when I looked into it last. (I have an app. I'd like to market, but it's stalled, since there are important usage cases it doesn't work for.)
The situation is similar to domain registrars, where there are a long list of cert. authorities to choose from. Each will probably have more or less different corporate cultures.
Having never got far enough into it, I can't speak to what private info they ask for, or if it is given to a govt. Also, since you don't hold the copyright to WinAmp, but you do rely on parts of its executables, you might not be able to get a certificate for that. You might think of a freeware WinAmp upgrader, such that you ask for WInAmp to be installed first, and then your freeware with a free cert. is installed over it, and patches it. You might want to have it as an alternate vers., for users with problems with installing. When Wacup has finally replaced all the closed-source code, then you wouldn't need WinAmp to be installed first. I do hope it goes open-source, since when things kept happening to NullSoft, and the source was unavailable to the community, it was impossible to develop it further. I see a post where you mention a Linux vers., and I have become rather fond of the Qt framework. It's pretty flexible, cross-platform, and I suspect it might could even do a WInAmp. You can use it for free, under LGPL. wxWidgets is another option. It uses native widgets of a given platform, but is less powerful, generally, and in terms of an IDE, Qt Creator is way more advanced than anything similar for wxWidgets. wxWidgets has been used to create, e.g., Audacity, but I've long since moved on. I have even heard of people able to create their own digital signatures; but I can't say what Windows Defender would make of such signatures. I encourage you to look into a digital signature. It might not be as bad as you think.
Note that I routinely use a hard-to-find utility (not mine) to turn off the requirement for digital signatures on my Windows 7; which I've attached. It might solve some problems like this for Win7 users, like myself, or Win10 users even.