In two SO questions here and there, the prevailing opinion is that using .local for an internal network is a bad idea.
One of the comments, however, points out:
However: don't use a real domain name that you have already used for public-facing production services. There are various interactions that are allowed between www.example.com and *.internal.example.com that are not allowed between www.example.com and *.example.net, most notably cross-site cookie setting. Running internal and external services on the same domain increases the risk that a compromise of a public service will give some ingress to the internal services, and conversely that an insecure internal service could provoke internal misuse of an external service. – bobince
Can this be interpreted as a benefit of using .local for an internal network? What are the other options to mitigate the security risk?
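To make the "cross-site cookie setting" interaction in the quoted comment concrete, here is an added example (not part of the question or of bobince's comment) that models the RFC 6265 cookie domain rules: which Domain attributes a browser accepts from a given host, and which request hosts a stored cookie is then sent to. The function names and the tiny public-suffix set are my own; the latter is a constructed stand-in for the real Public Suffix List and only contains the TLDs used below.

```javascript
// Added example modelling RFC 6265 domain matching (section 5.1.3),
// the Domain-attribute acceptance rule (section 5.3) and the cookie-send
// rule (section 5.4). It shows why a service on internal.example.com can
// plant a cookie that www.example.com will receive, while a service on
// example.net or corp.local cannot.

// Constructed stand-in for the Public Suffix List (assumption: only the
// TLDs used in this example are listed).
const PUBLIC_SUFFIXES = new Set(["com", "net"]);

function canonicalHost(host) {
  // lower-case and drop a trailing dot, as a user agent would
  return host.toLowerCase().replace(/\.$/, "");
}

// RFC 6265 5.1.3: does `host` domain-match `domain`?
function domainMatches(host, domain) {
  host = canonicalHost(host);
  domain = canonicalHost(domain);
  if (host === domain) return true;
  // domain must be a suffix of host preceded by ".", and host must not be an IPv4 literal
  return host.endsWith("." + domain) && !/^\d+(\.\d+){3}$/.test(host);
}

// RFC 6265 5.3 steps 5-6: would a user agent accept a Set-Cookie carrying
// Domain=domainAttr in a response served by settingHost?
// Returns the stored cookie's scope, or null if the cookie is rejected.
function acceptedCookieDomain(settingHost, domainAttr, publicSuffixes = PUBLIC_SUFFIXES) {
  const host = canonicalHost(settingHost);
  if (!domainAttr) {
    // no Domain attribute: host-only cookie, bound to the setting host
    return { domain: host, hostOnly: true };
  }
  const domain = canonicalHost(domainAttr).replace(/^\./, "");
  if (publicSuffixes.has(domain)) {
    // a cookie scoped to a public suffix would apply to every *.com;
    // browsers downgrade it to host-only when host === suffix, else reject it
    return host === domain ? { domain: host, hostOnly: true } : null;
  }
  // the setting host must itself lie under the requested Domain
  if (!domainMatches(host, domain)) return null;
  return { domain, hostOnly: false };
}

// RFC 6265 5.4: is a stored cookie attached to a request to requestHost?
function cookieSentTo(cookie, requestHost) {
  const host = canonicalHost(requestHost);
  if (cookie.hostOnly) return host === cookie.domain;
  return domainMatches(host, cookie.domain);
}

// Combined check: settingHost sets a cookie with the given Domain attribute;
// does the cookie reach requests to targetHost?
function cookieReaches(settingHost, domainAttr, targetHost) {
  const cookie = acceptedCookieDomain(settingHost, domainAttr);
  return cookie !== null && cookieSentTo(cookie, targetHost);
}

// internal.example.com can reach www.example.com via Domain=example.com ...
console.log(cookieReaches("internal.example.com", "example.com", "www.example.com"));
// ... but a host under another registrable domain cannot
console.log(cookieReaches("intranet.corp.local", "corp.local", "www.example.com"));
```

The point of the model: the only thing that stops `intranet.corp.local` (or `internal.example.net`) from planting a cookie on `www.example.com` is that its host does not domain-match `example.com`, whereas `internal.example.com` passes that check. Putting internal services under a separate registrable domain (a different public-registered name, or a private name such as one under .local) therefore removes the shared cookie scope; within one registrable domain, the remaining mitigations are host-only cookies (no Domain attribute) and the `__Host-` cookie prefix, which only mitigate, since any host under the domain can still set a domain-wide cookie.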