No. This design is not OK for security.
I was trying to set up a personal website at one point in my life, and when I was buying the domain but before I had my domain records set up correctly, I tried to navigate to my website. It’s name was something like example.com, basically.
Even cURL is contaminated by this insidious “it should be easy” mentality and as a result, because the domain record for my example.com was not fully set up, cURL automatically redirected to the malicious example.com.com that had been created for the express purpose of exploiting people who build tech meant to make wikipedia autocorrect to wikipedia.com.
It is firstly a failure of the domain registrars to allow com.com instead of excluding it for being obviously malicious, but in a world where they already failed in that duty we should not make the problem worse by having technologies where the user can literally type example.com and the technology navigates to a malicious server that outsmarted you and expected the entire blunder from the moment you started.