I predict this will lead to a lot of open DNS resolvers and CDN's getting null routed by corporations. I could be wrong, I have been before, but I have yet to see any answers in this design to prevent data leakage from corporate networks. This already happens to some degree, but is easy to spot and intercept. DoH will lead to security incidents and knee-jerk reactions.