F-secure make a very good point in their open letter to domain registrars:
Are you sure you want people to be able to register any domain name? Even when the name is obviously going to be used for phishing? Like, say, somebody is trying to register a .com domain with the words “ebay” and “sign-in” in it? Isn’t it pretty obvious that something might be going on here?
You’d think a filter on the more obvious phishing targets – eBay and Paypal probably being the two biggest – would make sense for everyone.