The difference is this bug will grant you the lock icon, and your browser will "guarantee" you're speaking to the real bankofamerica.
Practically speaking, that probably doesn't matter, because someone who understands that won't click on an email and log in to bankofamericaa.com. But there is a difference.
It is very easy to get a lock icon on bankofamericaa.com and to get your browser to insist you are speaking to the real bankofamericaa. What makes this bug interesting is you can get a lock icon for a fake website on bankofamerica.com using a MITM attack: making convincing "secure" websites on alternative URLs has always been possible.