I would say Top-level Domains (TLDs) should not use wildcard bindings. Let's say that instead of getting a 404 error when you pass in an invalid/non-existent domain, you get redirected to an actual, but most importantly unanticipated, domain resolution.
All responses are positive, whatever the query is; if your domain uses a TLD wildcard it never returns a "name error" type of response. The problem here is that every application (not user) that relies on DNS response types (positive AND negative) will have unpredictable behaviour.
The Internet Architecture Board (IAB) acknowledged that the wildcard mechanism had been a part of the DNS protocol since the specifications were originally written. However, the mechanism was also understood to be tricky, especially when more than one protocol is invoked:
"An authoritative name server returns one of three responses to a query: “success,” “no data” (which means that the name exists but the server does not have information about it) and “no such name”. When wildcards are present, the “no such name” response cannot occur and the server provides the same response to queries that otherwise might have been either “success” or “no data.” Hence, in the instance of Site Finder and other similar services, mistakes in typing are processed, rather than rejected, and the user redirected to a page that provides information. But this may be, in a sense, a false positive since the system appears to be providing a valid response when in fact it is masking an error, and an error is a legitimate form of information. Applications that rely on the “no such name” response fail since the “no such name” response no longer occurs."
Think about email servers, SSH and FTP, for instance, which will be attempting to connect to the IP address in the response.
This link summarizes it pretty well and you can check Site Finder Review and Redirection in the COM and NET Domains - ICANN for more details.
In addition to this, TLD wildcards open the door to DNS "brute forcing / reconnaissance", unlike what might be believed.
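To make the three response classes concrete, here is an added example (not from the original answer, nor from ICANN or the IAB) that simulates an authoritative lookup for a fictional TLD "example" with and without a wildcard, plus a simple defender's probe; the zone contents, the 192.0.2.x addresses and the function names are constructed for illustration.

```python
import secrets

# Response classes from the IAB text quoted above.
SUCCESS, NO_DATA, NO_SUCH_NAME = "success", "no data", "no such name"

# Constructed zone data for a fictional TLD "example"; not real DNS records.
PLAIN_TLD = {
    "example": {"SOA": "ns1.example", "NS": "ns1.example"},
    "ns1.example": {"A": "192.0.2.53"},
    "mail.example": {"A": "192.0.2.25", "MX": "mail.example"},
}
# Same zone plus a Site Finder style wildcard answering for any unregistered name.
WILDCARD_TLD = dict(PLAIN_TLD, **{"*.example": {"A": "192.0.2.100"}})

def exists(zone, name):
    """True if name is an owner name or an empty non-terminal (ancestor of one)."""
    return name in zone or any(owner.endswith("." + name) for owner in zone)

def lookup(zone, qname, qtype):
    """Answer a query as an authoritative server would, following the
    RFC 1034/4592 wildcard rule: only the wildcard directly under the
    closest existing ancestor of qname may synthesise an answer, and never
    for a name that itself exists in the zone."""
    qname = qname.lower().rstrip(".")
    if qname in zone:
        rrs = zone[qname]
        return (SUCCESS, rrs[qtype]) if qtype in rrs else (NO_DATA, None)
    labels = qname.split(".")
    for i in range(1, len(labels)):
        ancestor = ".".join(labels[i:])
        if exists(zone, ancestor):            # closest encloser found
            rrs = zone.get("*." + ancestor)
            if rrs is None:
                return (NO_SUCH_NAME, None)   # no wildcard at that level
            return (SUCCESS, rrs[qtype]) if qtype in rrs else (NO_DATA, None)
    return (NO_SUCH_NAME, None)

def probe_wildcard(zone, tld, probes=3):
    """Defender's check: ask for random labels nobody registered. If none of
    them comes back as 'no such name', the zone is synthesising answers and
    applications cannot trust a positive response under this TLD."""
    names = ["%s.%s" % (secrets.token_hex(6), tld) for _ in range(probes)]
    return all(lookup(zone, n, "A")[0] != NO_SUCH_NAME for n in names)

if __name__ == "__main__":
    for zone in (PLAIN_TLD, WILDCARD_TLD):
        # A typo ("mial" for "mail") is rejected in one zone, redirected in the other.
        print(lookup(zone, "mial.example", "A"), probe_wildcard(zone, "example"))
```

Note that a wildcard still cannot turn "no data" into "success": asking the wildcard zone for an MX record of the mistyped name yields "no data", which is exactly why a mail server talking to such a TLD ends up connecting to the redirect host's address instead of failing cleanly.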