] The typo-catching wildcard is a fundamentally broken
] idea. It cannot be fixed; it is impossible to patch it to the
] point of acceptability.
]
] The technique should be eschewed in all contexts. The
] best that can be done with it is to hold it up as an
] example of how things go wrong when protocols are abused.

Hrm. This view is probably too radical, and so this is unlikely to be adopted, but it is interesting.

Best conspiracy theory I've heard so far:

Verisign can break the security of any https connection. Typos to https sites get redirected to Verisign. Verisign can MITM.