All arguments apply to any form of domain validation (e.g., by email confirmation). It is really hard from outside to distinguish ownership from pwnership.
They normally do it by email.
2 posts were split to a new topic: Why doesn’t Let’s Encrypt use WHOIS information for domain validation?