Indeed, I would think that it would have been required for testing certificates to be issued for non-existent domains or at least use an invalid TLD. Something like "google.symantec" or "test103.local" so the testing lab's DNS servers would still recognize it, and the certificates would show as proper EV, but if the certificates leaked, then they'd be absolutely useless unless you added those fake domains to the victim's DNS (Which if you could, then you wouldn't need the certificates in the first place)
Biting the hand that feeds IT
