Wildcards themselves are a technical device. The wildcard concept is a red herring in the discussion of Verisign's, MuseDoma's and others' insertion of wildcards into their tables. Whatever the actual reason why the IAB was too honest to say "Wildcards bad, end of story", the correct reason is that wildcards are not inherently bad, and no statement about wildcards is in fact the end of the story.
The key question behind Verisign's and MuseDoma's actions is, "who has the authority to bind each domain name?" The operator of a DNS zone performs its duties for a particular constituency, which varies from zone to zone. Authority for general policies comes from the constituency, and entails particular authorities over particular domain names. An operator is responsible for respecting the authority of its constituency, and for encouraging healthy technical practices.
In the case of the root zone, .com and .net, the constituency is essentially all of humanity. ICANN is the least problematic organized representative of humanity for this purpose. Verisign holds a contract (and apparently a very lucrative one with high profit margins) from ICANN to perform a large part of the .com and .net operations. Within these subdomains, it is widely accepted that control of a particular name is valuable, and must be awarded to particular applicants based on a combination of temporal priority, willingness to pay, and rights to trade names and marks connected naturally to the domain name. Verisign bound a huge number of these domain names without approval from its constituency or from ICANN as a representative of its constituency. Furthermore, it appropriated to itself a commodity with a high market value which it does not own, but holds as contractual steward for ICANN and humanity.
It appears that the constituency for .museum may be well represented by MuseDoma, which may have acted totally responsibly to the authority of the constituency. If so, there is no objection to their use of a wildcard entry based on authority.
It also appears that MuseDoma crafted its wildcard entry entirely to support a particular sort of Web browsing. If so, they are probably guilty of an engineering error. Healthy technical practice dictates that DNS responses must serve all possible applications at the IP level, and not just higher-level protocols, such as HTTP. In a very small subdomain, created solely for the exercise of HTTP, it is OK to ignore other uses. It is unlikely that .museum is small enough to qualify for this exception. But, based on the information before us, MuseDoma has probably made a modest and correctible technical error, and has not exceeded its authority.
Of course, the technical objection applies very strongly to .com and .net, since addresses in those domains may be used for anything. As a really good steward, Verisign would have resisted popular pressure to add the sort of wildcard that it did, and explained to its constituency why every table entry must support all possible IP uses, and not only a subset of higher-level protocols---not even the subset consisting of all protocols in use today. To have instituted a technically unhealthy step (and it would be unhealthy even if the immediate consequences were all positive, because it constrains future innovation) against the wishes of its constituency is a serious ethical, and apparently contractual, offence by Verisign.
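The technical objection can be made concrete with a small simulation. This is an added example, not part of the original text: the zone, names, addresses and port table are constructed, and wildcard matching is simplified from the RFC 1034 rules. It compares what an HTTP client and a client of another protocol see for an unregistered name, with and without a wildcard that points at a web-only host.

```python
# Constructed toy data: names are illustrative, addresses are from
# the documentation ranges (RFC 5737).
WILDCARD_TARGET = "192.0.2.1"      # host that answers only on the web port
REGISTERED_HOST = "198.51.100.7"   # an ordinary registered name's host
LISTENING = {WILDCARD_TARGET: {80}, REGISTERED_HOST: {25, 80}}


def make_zone(with_wildcard):
    """Build the toy zone, optionally with a catch-all wildcard entry."""
    zone = {"registered.example-tld.": REGISTERED_HOST}
    if with_wildcard:
        zone["*.example-tld."] = WILDCARD_TARGET
    return zone


def resolve(zone, name):
    """Return (rcode, address). Simplified wildcard matching: an exact
    match wins, otherwise the nearest '*.<ancestor>' entry answers."""
    if name in zone:
        return "NOERROR", zone[name]
    labels = name.split(".")          # trailing dot leaves a final ""
    for i in range(1, len(labels) - 1):
        candidate = "*." + ".".join(labels[i:])
        if candidate in zone:
            return "NOERROR", zone[candidate]
    return "NXDOMAIN", None


def attempt(zone, name, port):
    """What a client of any protocol observes when it tries name:port."""
    rcode, addr = resolve(zone, name)
    if rcode == "NXDOMAIN":
        return "fail-fast: no such name"
    if port in LISTENING.get(addr, set()):
        return f"connected {addr}:{port}"
    return f"no service at {addr}:{port}"


def compare(name):
    """Outcome per (wildcard?, port) for one unregistered name."""
    return {(w, p): attempt(make_zone(w), name, p)
            for w in (False, True) for p in (80, 25)}


if __name__ == "__main__":
    for key, outcome in compare("mistyped.example-tld.").items():
        print(key, "->", outcome)
```

Without the wildcard, both clients get an immediate "no such name" answer; with it, the port 80 client reaches the catch-all host while the port 25 client loses that definitive error and is left probing a host that offers no such service.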