Hostile Subdomain Takeover using Heroku/Github/Desk + more

A murb'ed feed, posted about 7 years ago filed in security, service, github, heroku, trust & ssl.

Neglecting DNS settings can make it easy for someone else to claim valid-looking (sub)domains. Subdomains in particular are easy to neglect when a contract with a service like Heroku ends. Once the contract ends, another party can claim your (sub)domain with the service and start running their own software on it. SSL certificates won't protect you here. This article explains in more depth how that works.
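
One way to catch the neglected records described above before a contract lapses, as an added example that is not taken from the linked article: compare the CNAMEs in your own zone against an inventory of what is still provisioned at each hosted service. The zone lines, the `example.com`-style names, the inventory set and the suffix list are all constructed for illustration.

```python
# Added example: audit a zone for CNAMEs that still point at a hosted service
# where the organisation no longer has anything provisioned.

# Domains of the hosted services named in the title (illustrative; extend as needed).
SERVICE_SUFFIXES = ("herokuapp.com", "github.io", "desk.com")

# Constructed sample zone data; all names are placeholders.
ZONE = """\
www     3600 IN CNAME  example-prod.herokuapp.com.
shop    3600 IN CNAME  old-campaign.herokuapp.com.
docs    3600 IN CNAME  example-org.github.io.
help    3600 IN CNAME  example.desk.com.   ; support contract ended
mail    3600 IN MX     10 mx.example.net.
blog    3600 IN CNAME  blog.example.net.
"""

# Constructed inventory: targets still provisioned in our own provider accounts.
ACTIVE_TARGETS = {"example-prod.herokuapp.com", "example-org.github.io"}


def normalise(host):
    """Lower-case a hostname and drop the trailing root dot."""
    return host.rstrip(".").lower()


def parse_cnames(zone_text):
    """Yield (name, target) for each 'name ttl class CNAME target' line."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # strip zone-file comments
        if len(fields) >= 5 and fields[3].upper() == "CNAME":
            yield fields[0], normalise(fields[4])


def dangling_cnames(zone_text, active_targets, suffixes=SERVICE_SUFFIXES):
    """Return CNAMEs aimed at a hosted service but absent from the inventory."""
    active = {normalise(t) for t in active_targets}
    findings = []
    for name, target in parse_cnames(zone_text):
        hosted = any(target == s or target.endswith("." + s) for s in suffixes)
        if hosted and target not in active:
            findings.append((name, target))
    return findings


if __name__ == "__main__":
    for name, target in dangling_cnames(ZONE, ACTIVE_TARGETS):
        print(f"{name}: CNAME -> {target} is not in the inventory; remove the record")
```

Records that point elsewhere (`blog`) or are not CNAMEs (`mail`) are ignored; only `shop` and `help` are reported, and the fix for each is to delete the DNS record when the service is cancelled.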