I worked at a company where the security team disliked wildcard certificates because it exposed us to the risk of someone, somehow, hosting something malicious on a subdomain.