It does leak domain name info, but then you do still have the option to use a wildcard certificate or set up a private CA instead of relying on public ones, which likely makes more sense when dealing with a private resource anyways.

I guess there might be a scenario where you need "secret" domains be publicly resolvable and use distinct certs, but an example escapes me.