Include subdomain and/or URL for stealer results
Given the amount of enterprise infrastructure that generally hangs off a single registered domain, it is difficult to know what exactly was affected. It would be good to receive more of the URL information that was included in the log.
There is probably a balance between leaking information about internal systems, improved usefulness, and HIBP becoming a "juicier" target for attackers.
Consider that each of the following systems might have its own authentication system (the long tail even with SSO):
git.example.org
mail.example.org
vpn.example.org
admin.example.org/system1/foo
admin.example.org/system2/bar
Domains are already included precisely as they’re found, including the subdomain. And you’re right about the potential privacy risks of the remaining path, so we don’t include it.