I don't see how this is an issue. To me, this does seem at least confusing, but possibly dangerous.

If you have internal auth testing domains at the same place as user generated content, what's to stop somebody thinking a user-generated page isn't a legit page when it asked you to login or something?

To me this seems like a reasonable flag.