Of course, but how would they know? The vector I refer to is my ability to create "evidence" and report you to their customer service.
Eg, i'd wager the GGP comment who reported 26 domains did so in a manner that would be fairly easy to fake. So what is the requirement of reports? Too loose and it's easy to fake, too strict and it becomes to difficult to report _(or too costly to verify)_.
Every domain had the same content, was styled in the same format (something like a28d92.com, then b28d92.com...) and all were acting as redirection platforms for phishing sites and all were registered on the same day.
It wasn't hard to verify or easy to fake, or loose. Namecheap's legal/abuse department are just completely incompetent/don't care about their own TOS.
