Many software archives (even legitimate ones) are flagged as "false positives" by antivirus programs because they contain executable files. Encrypting the archive with a password prevents automated scanners from looking inside the file immediately upon download.