And if you were to add your domain to the public suffix list (https://publicsuffix.org/) it would effectively be treated like a domain name rather than subdomain name within browsers for JS security, etc.
You'll notice that myshopify.com is on there... effectively allowing subdomains of that (customer specific, each customer does not trust other customers) is now treated like a domain so that customer1.myshopify.com and customer2.myshopify.com are both isolated from each other by apps and systems that utilise the PSL (all major browsers, etc).
And if you were to add your domain to the public suffix list (https://publicsuffix.org/) it would effectively be treated like a domain name rather than subdomain name within browsers for JS security, etc.
For example, if you look at the list: https://publicsuffix.org/list/public_suffix_list.dat
You'll notice that myshopify.com is on there... effectively allowing subdomains of that (customer specific, each customer does not trust other customers) is now treated like a domain so that customer1.myshopify.com and customer2.myshopify.com are both isolated from each other by apps and systems that utilise the PSL (all major browsers, etc).