Clearly, if it was based on just the certificate, then KiCad wouldn't get flagged.
Microsoft use a reputation score; the certificate is one element but not the only one. Other elements include how many times an app is downloaded and the website the app was downloaded from. Another element of the score is whether the app has been certified with Microsoft as part of the Windows Logo program. I know Microsoft used to charge a fee for driver submissions; app submissions might be free, so I'll withdraw that particular assertion.
I've seen reports on the web from people with apps that have a valid certificate being flagged by SmartScreen, but when they registered their app with the Windows Logo program, the warnings went away.
If the Windows Logo submission for apps is free, then it seems like a good idea for the KiCad organisation to register the KiCad app with Microsoft.
ETA: Bit of an old post, but this explains it: https://blogs.msdn.microsoft.com/ie/2010/10/13/stranger-danger-introducing-smartscreen-application-reputation/ Unless changed since 2010, the Windows Logo for apps is free of charge and helps the application's reputation.
ETA2: Some more on SmartScreen and reputation: https://blog.digicert.com/ms-smartscreen-application-reputation/ Not all certificates are considered equal; some give a better reputation. If a certificate is associated somehow with malware, its reputation is downgraded.
ETA3: Corrected information about driver fees.