The key here is not registration but change. Currently, while spammers and other malfeasants have the ability to send out through compromised proxies and zombied PCs, there is little that can be done to identify them until they require a response, and then the return path provides some traceability via the IP addresses used, at least for nameservers.
One of the latest spammer exploits involves relying on compromised PCs for hosting of websites and DNS: which, coupled with the ability to update the root DNS in close-to-real-time, means that the entire hosting operation including nameservers can be based on compromised boxes, often with an encrypted/obfuscated link back to the real point of control, and that is significantly harder to track. This becomes of rather greater significance if the hosting is for a phishing site.
The root DNS is controlled through the registrar, and what contact information is held by the registrars frequently turns out to be at best highly imaginative.
aside from your confusion between the root and second level domain names, this is still fud. all they need to do is register foo.bar with delegation to their dns servers, and change a third level domain name at will. randy