3. I entered a custom url like_this and it was automatically changed to like-this, which is nice, but was very confusing, since I couldn't later find the page. I think it would be better to just tell me that I included some characters that are not allowed. Same with dots, which got me while trying to create robots.txt ;)
The use of unencrypted HTTP is probably deliberate to allow it to be used on even very dumb devices like feature phones (see http://txti.es/images/images) and to remove the 1 to 2-RTT latency penalty for TLS 1.2 connections since that can matter when your connection latency is on the order of seconds.
I've recently moved in the direction of creating pages that look like this for my own website. I have a T-Mobile hotspot and it's not uncommon to find myself with 2G service. I can't even check the score of a basketball game with 2G.
There have been instances of .es used as vanity domains being requested for deletion: https://www.namepros.com/threads/recepi-es.943453/ so I would be cautious.
Edit: here's the full legal regulation regarding the use of the domain, but sadly it's only in Spanish: https://www.boe.es/boe/dias/2005/05/31/pdfs/A18170-18175.pdf