Thanks for the great explanation, @danielesser, and thanks for raising that question, @badger101. Here’s some additional 5 cents about that topic (from the perspective of the maker of the Spellchecker nodes):
We (NodePit and Selenium Nodes) currently do not sign the jars (no matter if it’s for free or for paid nodes). Signing them gives little objective security benefit, but it’s a big hassle on top of the many big hassles one faces in the Eclipse/KNIME development ecosystem (and we would rather invest in building great software).
Why no security benefits? As seen above, most users do not really know what “signing” exactly means. Facts: It will not protect you from bad/malevolent software. There is no external entity involved which “validates”, “authenticates” or “reviews” the “signed” software at all. In the end, the main reason for signing the software would just be about getting rid of that annoying dialog (which is definitely frightening).
So. Should you “trust” the Spellchecker nodes? This question I cannot answer.
Should you make your decision based on that unsigned content dialog? I think not.
By the way: For any questions about these nodes, don’t hesitate to get in touch!
–Philipp