Didn't they sell their SSL & PKI biz to Symantec a while back?
I'd think that any moat would be built around their DDoS & other cybersecurity offerings.
I haven't read their financials but would bet that cybersecurity services generates the lions share of revenues.
Running the 13 TLD servers would give them a huge advantage in services like DDoS protection, managed DNS, DNS firewall, etc., & as long as they do a good job on that end, they'd continue to service TLD.
IOW, TLD is important mainly because it allows them an edge on cybersecurity.
(I'm learning Apache right now so this interests me technically...)