It’s a great question and I wanted to post some of my answer here. Basically we do prevent other users from adding a domain that you have already added, and that includes subdomains. So for example if you add example.com someone else cannot come along and add subdomain.example.com to their account.
Now if you’ve pointed your domain to our nameservers and haven’t added that domain to your account with us, someone can come along and add that domain to their account and point it to wherever they like. This is absolutely true. This is why I would echo what delrakkin254 said above, never point your domain to a DNS service unless you’ve registered that domain with the service. This is typically true of most (if not all) DNS services, at least all of the ones I’ve personally used. Certainly “Because everyone does it” isn’t a reason to stick with it though, if it becomes a problem we definitely want to address it. We also don’t want to make our DNS system a significant inconvenience for everyone, so there’s a balance to be had.
Of course, if someone is pointing their nameservers to us and they haven’t added the domain to their account, then they find that someone has hijacked the domain, I am very interested in this. Please open a ticket and let us know. Obviously taking advantage of our customers for malicious activity or for personal gain is going to interest us significantly and rest assured that we’ll always be here to review any situation and consider any appropriate resolution.
We always try to take the human approach. If something is bothering our customers we definitely want to know about it. I hope that answers your questions and we’re here if you need anything :)