That is odd. Yet a strict check against “hulu.com” is also included, and YouTube is checked for “.youtube.com” and “youtube.com”. Perhaps this fix was to prevent malicious behavior, so they included anyone who might be phishing or abusing the API in some way? I think someone would have to dig into the quirk itself to find out more.
Note that this is very likely due to everchanging CDN domain names. If they spawn servers on demand, they're probably as messed up as googlevideo.com (which also uses hashed subdomain names).