Of course that registry actually has a sane punycode policy, so such impersonations are impossible there, whereas they're happening all the time in .com. Maybe time to re-evaluate your idea of "reality" versus "theory".
Not for English-speaking people; as a Dane, it is nice to be able to use our actual alphabet to spell words, even if the letters weren't in the ASCII alphabet.
Though why you should be able to purchase .com domains with punycode, I don't know.
Each TLD gets to set its own rules for name registration under that TLD. In particular they all have punycode policies. For example a country which uses a Latin alphabet with a handful of extra characters might require names under its ccTLD to be from that alphabet, and not, for example, Cyrillic. Or a TLD operated on behalf of a region dominated by one writing system might require names to use that writing system. The attention of TLD registry operators was drawn to the need to prevent the exact types of fraud we're seeing here.
The .com TLD registry's priority is profit at any cost. A crook's money is just as good as anybody else's, right?
Just 13% of the world speaks English. It is not a reference for how we do or should write on the web.
It would maybe make sense to restrict URL display to the computer's language setting.
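
The per-TLD script rule described in the thread, sketched as an added example (not code from any commenter or registry). The policy sets, the sample names under the reserved `.example` TLD, and the shortcut of reading a character's script from the first word of its Unicode name are all assumptions made for illustration.

```python
import unicodedata

COMMON = set("0123456789-")  # characters shared by every script policy

def decode_label(label):
    """Return the Unicode form of one DNS label ('xn--' Punycode or plain)."""
    label = label.lower()
    if label.startswith("xn--"):
        return label[4:].encode("ascii").decode("punycode")
    return label

def label_scripts(label):
    """Approximate each character's script by the first word of its Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0]
            for ch in decode_label(label) if ch not in COMMON}

def check_name(name, allowed_scripts):
    """Return (label, reason) pairs for labels that break the policy; the TLD is skipped."""
    findings = []
    for label in name.rstrip(".").split(".")[:-1]:
        try:
            scripts = label_scripts(label)
        except UnicodeError:
            findings.append((label, "invalid punycode"))
            continue
        if len(scripts) > 1:
            findings.append((label, "mixed scripts: " + ", ".join(sorted(scripts))))
        elif not scripts <= set(allowed_scripts):
            findings.append((label, "script not allowed: " + ", ".join(sorted(scripts))))
    return findings

def to_ace(text):
    """Build the 'xn--' form of a constructed sample label."""
    return "xn--" + text.encode("punycode").decode("ascii")

# Constructed samples under the reserved .example TLD.
DANISH = to_ace("sm\u00f8rrebr\u00f8d") + ".example"           # Latin letters including ø
MIXED = to_ace("\u0430pple") + ".example"                      # Cyrillic а followed by Latin "pple"
WHOLE = to_ace("\u0430\u0440\u0440\u04cf\u0435") + ".example"  # Cyrillic letters only

if __name__ == "__main__":
    for name in (DANISH, MIXED, WHOLE):
        print(name, check_name(name, {"LATIN"}) or "ok")
```

The all-Cyrillic sample passes a mixed-script test and is rejected only because the policy names the scripts it accepts, which is why the rule has to be set per TLD (or per display locale) rather than globally.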