There is a very good reason why you cannot get App notarized with free Apple Developer account. When you setup Apple Developer account you can build apps and even run them on another Mac, use certian entitlements (not all though). That's good for developers who wish to become familiar with the platform.
You can even distribute your app, but when another user starts your app, gatekeeper will present a warning that this app is from unidentified developer. You can still go to System Preferences -> Security and allow the app to load, but users generally should never do that, unless they really don't care what happens on their machine. When the app is notarized, macOS displays a prompt "Apple checked this app for malicious content and found no problem with this app" (or some text like that). User can click "Open" to instantly start the app. Now imagine how much malware, spyware and other types of harmful apps are out there and how many people try to exploit users' trust. Gatekeeper prevents apps from unidentified developers to load for very good reason.
If anyone could get app notarized, than bad guys could build an app that doesn't look suspicious, but after a year could start misbehaving. It's something that's very diffcult to catch even for Apple, no one really has enough time to disassemble apps and go instruction by instruction to verify what apps really do. If app causes damage, it may be difficult to get the author to answer for his crime. You can create free developer acount online, easily and with any email address and you can pretty much make up mailing address, you don't have to fill up billing info. This allows anyone to learn software development, even someone who cannot afford pay for development tools, so it's open to anyone, students, kids, people from countries with worse economic conditions. On the other hand bad guy can use fake identity and cause harm. Then it would be impossible to trace him.
When you pay for Apple Developer account, you create a tracable financial transaction. These days it's not easy to open bank account without verification of identity. So if the bad guy distributes app to other people and casues damage to user or to Apple servers, authorities can trace him pretty much anywhere in the world, you can get court order and bank would have to reveal identity of the account holder. Although not all countries would cooperate in such investigations and countries with lower moral standards probably wouldn't even care if one of their citizens managed to sell users' data or managed to make money from ransomwere from people who trusted their apps, but it's definitely getting harder for bad guys to avoid consequences. More and more countries cannot afford to ignore international relationships and law&order.
Another question is if the price for paid Apple Development membership should be $99 or $0.99. But again bad guy could have his/her developer account closed, but for $0.99 he could create 100 paid accounts and cause damage. $99 is low enough if developer really wants to create legitimate app and distribute to users, and at the same time, it is enough to discourage bad guys paying for multiple accounts that could be revoked 1 by 1 in case of misbehavior.
Today's operating systems are more secure and it is partially thanks to app signing and verification of developer's identity.
I remember in the old days I encountered 2 viruses:
In around 1992 Yenkee Doodle virus which copied itself into ever executable on machines running MSDOS. It was easy to cleanup using antivirus, but still anoying.
In 2002 or 2003 there was an interesting virus called MS Blast. I had an official Windows XP SP1 cd and after installation I connected to my internet service provider and bang! a popup with "Your machine will restart in 60s, 59, 58..." showed up. There was nothing you could do and machine rebooted and repeated the process. That happened actually without opening browser or doing anything else. Just a clean OS and connecting to Internet service provider who had their servers infected.