Supporting regex would be a good thing for power users, but I don't think its necessary, and would probably be difficult to implement (or maybe not? hard to say for a non-programmer)... but what is it we're trying to accomplish? First, make PM as secure as possible, right? Second, keep it as simple as possible?
There are two ways of looking at this:
User enters 'google.com' (minus the quotes) into the 'When URL Contains' field...
1. Leave the URL entry as a 'contains' argument like it is now
Code PM so that it evaluates URLs according to the pattern I described before - specifically, it only allows for characters preceding what the User enters into the URL field if they are separated by a '.' (dot), e.g., for the above given URL:
mail.google.com is valid
mailgoogle.com is NOT valid
and only allow characters after what is entered into the URL field if they are preceded by a '/' (slash), e.g., again for the above given URL:
mail.google.com/login.asp is valid
mail.google.com.xyz.net/login.asp is NOT valid
2. Change it to 'When Domain Equals'
I don't like this option - pages get moved around and changed, and things start breaking - and although I guess it does provide much more rigid protection - but is it really necessary?
I think option 1 is more than adequate, and it gets my vote - if this is going to get changed in the first place.