I can't imagine those would ever be made available.
Fortunately, .zip seems less worrisome from a security perspective -- you don't execute a zip file. (Unless I'm missing where clicking on .zip files is an intermediary step in a common exploit?)
It's more just confusing from a usability perspective. Like, I don't want domains ending in .jpg or .mp4 or .doc or .txt either, you know? It's a benefit to be able to look at a string and usually be able to reason with high confidence whether it's a domain name or filename.
Devil's advocate -- what exactly is the attack vector here, even for TLDs that share names with executable file extensions? .com already exists, the biggest one of them all, and that doesn't seem to cause problems?
Fortunately, .zip seems less worrisome from a security perspective -- you don't execute a zip file. (Unless I'm missing where clicking on .zip files is an intermediary step in a common exploit?)
It's more just confusing from a usability perspective. Like, I don't want domains ending in .jpg or .mp4 or .doc or .txt either, you know? It's a benefit to be able to look at a string and usually be able to reason with high confidence whether it's a domain name or filename.
It definitely feels weird to me.