I know this is a bit old, but I thought I would add something worth considering. if a TLD is currently registered, or could be in the future, for a particular use or by an organization, some browsers (hi Firefox) force HTTP Strict Transport Security (HSTS) and will prevent you from accessing that site when using SSL. A very common use case is using *.dev TLD with a self-signed cert and trying to access your local site in Firefox for testing. Firefox will block access and not allow you to add an expectation. So for me the only proper thing to do is use one of the reserved TLD...
...to protect against this now, and in the future. Having said that, as long as one is aware of this, feel free to use whatever you'd like. For whatever reason I really liked *.dev, and it sucks I can't using it anymore since I need to test SSL on Firefox. I actually think what Firefox is doing is really good, but it would nice if you could add an expectation. I would just want that exception to complicated and difficult to do to make sure there is no possible way someone could naively (or accidentally) add that exception, but oh well. On to *.localhost for me