At the same time given the already terrible reputation of such vanity TLDs, being this hard on abuse might be the only survivable way.
That's not me saying there shouldn't be a warning and a recourse, but the time-to-profit for domain abuse is really short so anti-abuse actions have to be quick.
This isn't being hard on abuse though, this is being lazy and incompetent.
I'm fairly sure that Safe Browsing's false-positive rate is extremely low otherwise it'd be unusable in Chrome. Which also means that acting on positive results is very likely a correct approach.
Safe browsing is meant for websites, not domain names. You really want your registry acting on it and nuking your email services, intranet services, cert renewal automation, et cetera?
You think no bad actor thinks of that, using subdomains or whatnot?
Nor did I say anything about wanting a registry acting on it, it's just that the motivations and reasons are incredibly clear. At least to me.
And let me also reiterate that I clearly said that it should be a thought-out process and they haven't thought it out.