Ok, I see. You mean the possibility of users impersonating statichost.eu itself. That is actually a good point, and the exact reason why user subdomains are required to have a dash in them. Edit: Also, only ASCII is allowed. :)

I guess control-panel.statichost.eu is still possible, of course, but that already seems like a pretty long shot.