You can still see the full URL by focusing the address bar with either a click or ⌘-L.
I think it makes sense for the default display to show the most security-relevant information (TLD, SLD, and presence + validity of the certificate) in the default display, while deferring the full display (incl. spurious or malicious information that might be in the full URL e.g. https://example.com/www/paypal/com/login) to a user request (click or shortcut).
That said, Chrome 69's decision to to hide /all/ instances of www in the domain is unconscionably bad.
I think it makes sense for the default display to show the most security-relevant information (TLD, SLD, and presence + validity of the certificate) in the default display, while deferring the full display (incl. spurious or malicious information that might be in the full URL e.g. https://example.com/www/paypal/com/login) to a user request (click or shortcut).
That said, Chrome 69's decision to to hide /all/ instances of www in the domain is unconscionably bad.