
I'm not sure I follow. How are EV certificates weak? They use the same cyphers and just have extra validation on the owner/domain.


It appears to be more of a UI issue, where the legal entity name is shown alongside or sometimes in place of the URL, which can be misleading.

To compound problems, legal entity names are not required to be unique across states or countries, so an EV certificate for a popular company name can be obtained in another geography and presented to the user on an attacker-controlled domain.

https://www.bleepingcomputer.com/news/security/extended-vali...
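Added example, not part of the thread: a client-side check that treats the EV identity as the full tuple of organization name, jurisdiction and registration number, rather than the organization name a browser UI would display. It assumes subjects in the nested-tuple shape returned by Python's `ssl.SSLSocket.getpeercert()`; the function names and both sample subjects are constructed for illustration.

```python
# Fields that together identify the legal entity in an EV certificate subject.
EV_IDENTITY_FIELDS = (
    "organizationName",
    "jurisdictionCountryName",
    "jurisdictionStateOrProvinceName",
    "serialNumber",  # registration number issued by the incorporating jurisdiction
)

def flatten_subject(subject):
    """Flatten a getpeercert()-style subject (tuple of RDNs) into a dict."""
    return {name: value for rdn in subject for name, value in rdn}

def ev_identity(subject):
    """Normalised identity tuple; absent fields become empty strings."""
    fields = flatten_subject(subject)
    return tuple(fields.get(n, "").strip().casefold() for n in EV_IDENTITY_FIELDS)

def compare_ev_subjects(pinned, presented):
    """Return (display_name_matches, same_legal_entity, differing_fields)."""
    exp, got = ev_identity(pinned), ev_identity(presented)
    differing = [n for n, a, b in zip(EV_IDENTITY_FIELDS, exp, got) if a != b]
    name_matches = exp[0] != "" and exp[0] == got[0]
    # Same entity only if every identity field is present and equal.
    same_entity = all(exp) and not differing
    return name_matches, same_entity, differing

def make_subject(state, reg_no, common_name):
    """Build a constructed EV-style subject for the samples below."""
    return (
        (("jurisdictionCountryName", "US"),),
        (("jurisdictionStateOrProvinceName", state),),
        (("businessCategory", "Private Organization"),),
        (("serialNumber", reg_no),),
        (("countryName", "US"),),
        (("organizationName", "Example Payments, Inc"),),
        (("commonName", common_name),),
    )

# Constructed samples: same organization name, different incorporating state.
PINNED = make_subject("Delaware", "0000001", "pay.example.com")
SAME_NAME_OTHER_STATE = make_subject("Kentucky", "0000002", "pay.example.net")
DV_ONLY = ((("commonName", "pay.example.org"),),)  # no organization fields

if __name__ == "__main__":
    for label, cert in [("same name, other state", SAME_NAME_OTHER_STATE),
                        ("DV only", DV_ONLY), ("pinned", PINNED)]:
        print(label, compare_ev_subjects(PINNED, cert))
```
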



