The security boundary on the OS is the user of the process. If you run the malware under the same user as the key, than yes of course it has access. But in production you don't run software under the same user, and on the developer machine you wouldn't put the production key in the user keychain.

On disk, it’s encrypted. The running service, at least on macOS, only hands the item out to specific apps, based on their code signing identity.