Exactly this. Another factor in choosing TLDs is that they have different rules. Read those rules closely. Some of them make it much easier for them to take the domain names away from you, for things like copyright infringement, for example. .COM/.NET/.ORG have the strongest rules protecting your ownership, as far as I can recall. This is one of the reasons I stick to those old 3 rather than using newer gTLDs like .INFO, .BIZ, etc.

Just wanted to add something for future reference of anyone reading your post: after Canonical did this, LXD was forked by Linux Containers into a new project named Incus.

It’s crazy that they didn’t include all the “should” items in that list. If you read the entire section, there’s a critical element that’s missing in the list, which is that new passwords should be checked against blocklists. Otherwise, if you combine 1, 5, and 6, you end up with people using “password” as their password, and keeping that forever. Really, really poor organization on their part. I’m already fighting this at work.