It's crazy how hard it is to fight fishing and spam, if I had programmed that UI I would never have thought of that. Maybe they're waiting for someone to actually exploit it before they make the UI less clean. It could be quite easy to make a special case for "email-like" recipient names, but it could also probably be cheated with some unicode wizardry.