Google has a new offering: Introducting .app and I’m not impressed.

“A key benefit of the .app domain is that security is built in …”

I can’t tell if they’re being disingenuous or naive here, but to offer a “secure” domain name without encrypted DNS and WHOIS privacy seems like an idea that missed the mark. A “secure” domain name system must involve security at the domain name level. What they choose to enforce at the browser level is almost completely irrelevant.

That said, the HSTS aspect is a nice touch, assuming you’re going to use the domain for something based on HTTP.