
I don't find it necessary for security. One way of safeguarding security across the board is to use reserved words like "intranet" for the intranet (duh) and "localhost" for the same machine. THE END



That alone won't address all of the concerns. Another study they did, related just to their gTLD stuff, was to see which dotless name queries get leaked to the root servers. This name collision report is quite interesting and addresses the question of which names are probably in common use: http://www.icann.org/en/about/staff/security/ssr/name-collis...

Anyhow, our research and testing (I am one of the authors of one of the studies mentioned in the posted article) found that the issues found with SAC 053 have the potential to be much more widespread. There is also a scary problem called universal XSS.

There were no real smoking gun security issues, so you can make a pretty decent argument about the security impact not being too great (we had many such debates internally), but we are talking a core Internet system. The namespace collision issue is huge.
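As an added illustration (not code from this thread or from either study it mentions), the check below runs over a few constructed BIND-style query-log lines and separates dotless (single-label) query names, which a forwarding resolver would send up to the root, from names under special-use labels such as "localhost" or ".local" that should be answered locally. The set of special-use labels, the log format and the sample clients are all assumptions made for the example; an operator auditing their own resolver would substitute their real query log.

```python
import re
from collections import Counter

# Assumed set of special-use top-level labels: "localhost", "test", "invalid"
# and "example" from RFC 6761, plus "local" from RFC 6762 (mDNS). A resolver
# should answer these itself rather than forward them to the public DNS.
SPECIAL_USE_TLDS = {"localhost", "local", "test", "invalid", "example"}

# Constructed sample query-log lines (BIND-like shape, made up for this example).
SAMPLE_LOG = """\
client 10.0.0.5#53211: query: intranet IN A
client 10.0.0.7#40123: query: mail.corp.example.com IN A
client 10.0.0.9#51000: query: localhost IN A
client 10.0.0.9#51001: query: printer.local IN A
client 10.0.0.12#40999: query: corp IN A
client 10.0.0.5#53212: query: intranet IN AAAA
"""

QUERY_RE = re.compile(r"query: (\S+) IN (\S+)")


def classify(name):
    """Return 'special-use', 'dotless' or 'qualified' for a queried name."""
    labels = name.rstrip(".").lower().split(".")
    if labels[-1] in SPECIAL_USE_TLDS:
        return "special-use"
    if len(labels) == 1:
        # A single label with no search-list suffix applied: if forwarded,
        # this is exactly the kind of query that reaches the root servers.
        return "dotless"
    return "qualified"


def audit(log_text):
    """Count query names by class and tally which dotless names appear."""
    counts = Counter()
    dotless_names = Counter()
    for line in log_text.splitlines():
        match = QUERY_RE.search(line)
        if not match:
            continue
        name = match.group(1)
        kind = classify(name)
        counts[kind] += 1
        if kind == "dotless":
            dotless_names[name.lower()] += 1
    return counts, dotless_names


if __name__ == "__main__":
    counts, dotless_names = audit(SAMPLE_LOG)
    print("query classes:", dict(counts))
    for name, n in dotless_names.most_common():
        print(f"dotless name {name!r} queried {n} times")
```

Run against a real log, the dotless tally is the list of short names (here "intranet" and "corp") that a site relies on resolving internally; each one is a candidate for collision with a new gTLD of the same name, so it is worth either answering them locally or moving them under a suffix the organisation controls.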


I see what you mean regarding namespace collision, but if we always set a standard based on the lowest common denominator we'll end up being stuck with practices that were followed because there was no reason not to.

As for the universal XSS, this can be solved at the browser and page level. First, the gTLD, like any other level, should be explicitly declared in the script URL from the open page, and second, the browser blocks all the rest.



