
Problematic in what cases? You could always get hostname from the IP before.



You can get a PTR from an IP address, but that's not the same as "the hostname the client requested". If virtuous_activities.com and shameful_fetishes.com both resolve to the same IP address (assuming some application protocol like HTTP that can distinguish by hostname) I could certainly imagine a situation where a client would want to keep the particular hostname requested secret.

(Obviously the attacker in this case would probably also be able to sniff the requests from the resolver, but still; I'm not making this complaint up or anything, a lot of people have mentioned it before.)


No, that's not what I'm saying.

My point is that hostname has always been leaked with HTTP and HTTPS. SNI does not leak any new information.


When is hostname sent plaintext in non-SNI HTTPS? (The resolver, I suppose, but that is a separate issue.)


The certificate is sent before encryption is established.

But that's a red herring. Even if it was all kept encrypted, even if you ignored DNS and reverse DNS, you could connect to the IP yourself.

Yeah, technically there might be more than one hostname, but they're all related hostnames.


> but they're all related hostnames

Huh? I used to have ~100 hosting clients per IP address, none of whom were in any way related to each other (other than in having chosen me as a hosting provider).


That's not the common case, though, and is completely awful to use as an anonymity measure.


Actually I think it's quite common, it applies to any site not busy enough to justify a dedicated server. By the long tail principle that will be the majority of sites on the internet.


Oh, I should be clear, I'm specifically talking about sites sharing a certificate. I know a lot of sites use shared hosting, but it's awkward to get a certificate for a pile of unconnected sites. Most of them will either not support HTTPS or require paying a couple dollars for an IP. (Or, these days, try to rely on SNI.)



