I think it is intentional. They don't want to confuse employees who are installing their company's apps with technical details. But I agree it's way too easy now.
Apple probably think they can rely on the policies and the application process that enterprises go through before a distribution certificate is issued. But I'd guess that most of the certificates that are used to deploy malware are simply stolen.
Well, that was my other question, how are they (conceptually) obtaining the certs? Are they just hacking Apple IDs?