Hey, Geoff. You make some good points.
Speaking only for myself, if I send a protected ZIP file, the need for a self-decrypting EXE is obviated. I would just put the sensitive data in the ZIP and be done with it. But if I must send an EXE, I agree that a cloud sharing link is the way to go.