Score:0

Are wildcard certificates allowed for a top-level domain

Curl returns curl: (60) SSL: no alternative certificate subject name matches target host name 'elasticsearch-0.elasticsearch' even though the SAN clearly states DNS:elasticsearch, DNS:*.elasticsearch

Wikipedia https://en.wikipedia.org/wiki/Wildcard_certificate points out that wildcards for top-level domains are not allowed, e.g. *.com, but does not provide proof

I looked at RFC 6125, RFC 2818 and RFC 2459 but could not find any evidence either

cn flag
No authority will issue a certificate for *.com. Call a CA and ask them, that should be sufficient proof.
Score:4
se flag

Certificates are designed to identify a single administrative entity. With public top level domains there is no single administrative entity for things like *.com, only for *.example.com or even more levels like in *.co.uk. The necessary level can be seen from the public suffix list and this is what browsers usually do to determine the minimum level for a wildcard certificate.

For privately used top-level domains there is of course no such list, since anybody can come up with these. Browsers therefore fall back to the common minimum level as seen for the public domains.

Note that while RFC 6125 does not explicitly address the issue, the errata at least acknowledge it:

RFC6125 bug: Checking of Wildcard Certs lacks spec of how many labels in presented identifier
...
Likely the approach will need to consist of a "SHOULD" declaration and some hand-waving about how "matching wildcards on presented identifiers with less than N (?) labels to the right of the wildcard has various increasing risks as N approaches zero, and that implementors should perhaps consider leveraging some of the available public suffix identification mechanisms, but that those are out of scope and have their own operational and security considerations."
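The "minimum level" rule from this answer, written out as an added example (not code from the original post or from curl): a SAN dNSName matcher that accepts a wildcard only if at least two labels remain to its right and that remainder is not itself a public suffix, which is why DNS:*.elasticsearch cannot cover elasticsearch-0.elasticsearch. The small PUBLIC_SUFFIXES set and the function names are constructed for illustration; a real client would consult the full list at https://publicsuffix.org/.

```python
# Added example, not part of the original post. Constructed subset of the
# public suffix list; a real implementation loads the complete list.
PUBLIC_SUFFIXES = {"com", "net", "org", "uk", "co.uk"}


def wildcard_allowed(suffix, public_suffixes=PUBLIC_SUFFIXES):
    """Return True if '*.' + suffix is an acceptable wildcard pattern.

    Rules applied (the common browser/curl minimum described in the answer):
      - at least two labels must remain to the right of the wildcard, and
      - those labels must not themselves be a public suffix (e.g. co.uk).
    """
    labels = suffix.lower().split(".")
    if len(labels) < 2 or any(label == "" for label in labels):
        return False  # '*.com', '*.elasticsearch' and '*..x' are rejected
    return suffix.lower() not in public_suffixes


def hostname_matches(pattern, hostname, public_suffixes=PUBLIC_SUFFIXES):
    """RFC 6125-style comparison of one SAN dNSName pattern against a hostname.

    The wildcard may only be the entire leftmost label and stands in for
    exactly one label; everything to its right is compared literally
    (case-insensitively, ignoring a trailing dot).
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    if not pattern.startswith("*.") or "*" in pattern[2:]:
        return False  # partial wildcards such as 'f*o.example.com' are rejected
    suffix = pattern[2:]
    if not wildcard_allowed(suffix, public_suffixes):
        return False
    host_labels = hostname.split(".")
    # one non-empty label replaces '*'; 'a.b.example.com' must not match
    return host_labels[0] != "" and host_labels[1:] == suffix.split(".")


def match_san(san_entries, hostname):
    """Return the first dNSName entry that covers hostname, or None."""
    for entry in san_entries:
        if hostname_matches(entry, hostname):
            return entry
    return None


if __name__ == "__main__":
    # Reproduces the curl failure from the question: no entry matches.
    print(match_san(["elasticsearch", "*.elasticsearch"],
                    "elasticsearch-0.elasticsearch"))
```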
