Someone mentioned this kind of thing in the npm breeches last week. You get desensitized to non-standard “official” urls and it makes it easier for phishers.