I don’t have a well-considered answer, but a) I imagine being able to host a phishing site on an official domain from them using their SSL cert is problematic, and b) my gut says that as soon as you start hosting arbitrary files— e.g. zip files— and browser executable JavaScript with your domain in there, that’s a different level of possible content. I guess the question is whether or not the disposition of a social media network makes that more problematic than it does with, say, Google drive.

It’s not possible for me, a non Google employee to create a file that’s hosted on Google.com, or any Google domain and have it read in the browser as text/html, bypassing many a firewall, for example