Wildcard certificates have advantages but drawback too. They should be used carefully
They increase the risk of virtual host confusion attacks for example:
But they can make configuration simpler, more robust and prevent disclosure of "private" subdomains.
About the OWASP warning, if the wildcard domain is used only in one machine it doesn't apply. The low usage rate could be explain with the high price of wildcard certificates, and the EV violation is not applicable in Let's Encrypt context