The worst case of this that I've seen is with Safari on mac. The domain gets completely hidden if it's an HTTPS site that is "verified" (i.e. the entity shows up in Dunn and Broadstreet)
Visit "www.apple.com" in Safari and you will get "Apple, Inc" in the URL bar after a moment.
This seems like a potentially reasonable choice until you realize that someone could register, say "Apple, Inc" in another state and get a HTTPS cert to match it. One phishing email later and the Safari user is convinced they are logging in to the correct domain.
I can see lots of new phishing attacks made possible because of this. :(
Visit "www.apple.com" in Safari and you will get "Apple, Inc" in the URL bar after a moment.
This seems like a potentially reasonable choice until you realize that someone could register, say "Apple, Inc" in another state and get a HTTPS cert to match it. One phishing email later and the Safari user is convinced they are logging in to the correct domain.
I can see lots of new phishing attacks made possible because of this. :(