Why do we need to sign the ClickOnce Deployment using a certificate?

Signing the deployment is just another way to ensure that the local version agrees with the version on server.  This prevents from installing any unauthorized stuff – hence helps detect tampering by others.

Signing with a test certificate, will prompt “unknown publisher” when it installs; Signing with a Verisign Certificate will show your company name when it installs.

The purpose of a certificate is just to ensure that you are who you say you are. Signing with a test certificate can be used when you don’t want to purchase the real deal.