I see two issues: the mere existence of punycode (does any serious website use a punycode domain?) and the ability of any website to generate an ssl certificate for itself in a matter of minutes, making the "secure" part of the UI most users have been trained since forever to respect irrelevant.
I see you're Spanish, and so am I--how many times have you seen domains with accented letters? If I see one of those I automatically think I have to remove the accents before I type the URL in my browser.
Regarding countries that don't use latin letters, examples:
Not many, but arguably Spanish people (at least young people in Spain) omit always the graphic accents in instant messaging and many times in social media so it's not weird for us to type an url without an é or an ó. I do know I've been asked by companies to get both the accented and unaccented names just in case.
In contrast, Japanese or Chinese people almost never use English characters mixed with their own on a day to day basis.
The alexa results is really interesting, but I think the whole unicode in the url thing is recent (or at least browser support), right? so it would make sense for unicode urls not to be so popular yet. Or it might just be that way, I'd love to see say the top N sites what % use punycode to see if it's relevant or not.
Punycode has been there for over 10 years and it's almost unused. If it hasn't been a success yet, it will arguably never be a success. It's not worth it to let it live, given the hazard that phishing poses.