...

Let's also assume someone sets up a popular webpage with malware HTML causing it, perhaps with a time delay, to issue rapid GETs to deliberately nonexistent domains.

You don't even have to imagine that.

Imagine a long-term port 80 Denial of Service (DoS) attack against a given website (using the website url rather than IP, which is not uncommon).

Imagine the attacked domain administrator removes their DNS records from the registry to alleviate the attack.

The attack is now directed at the Verisign Sitefinder service.

Adam

OUCH. Yet worse.