No changes have been made, only removed upx compression from binaries to silence false positive antivirus detection.
There are still some obscure antiviruses that find our binaries suspicious due to the way go packages them. I think the only way to solve that would be to sign them (not 100% sure though), but I'm not paying to work on free stuff. If anyone is bothered by this, and would be willing to donate a code signing certificate, let me know.
If you want to check the binaries are safe, the code is in src/ziggy, and you can build them yourself by running tools/build ziggy and compare.