I'm not seeing the attack vector. The URL of this page certainly doesn't show it.

Probably because it's a reasonable TLD to use internally for testing

Why are you getting downvoted, that's literally what happened when it launched. A bunch of people were like shit I use .dev internally.

Nobody used .test, .example, or .home.arpa

Yup. It happened to me. After the .dev TLD was created, I switched all my internal dev hostnames over to .test because it's one of the reserved TLDs [1].

I also switched off of .local after learning that it's used for mDNS [2].

1: https://www.rfc-editor.org/rfc/rfc2606.html#page-2

2: https://en.wikipedia.org/wiki/.local

Except that it's not, and never was, because it was never expressly reserved for this purpose. And it was particularly unreasonable to use for testing since 2012 when multiple applications were submitted to ICANN to create it as a gTLD.