No, that is not the case. It applies to legitimate sites. If someone were to SPOOF the URL of FreeRepublic, then the entire URL would be displayed, not just the name "freerepublic.com". If the URL is being spoofed, Safari will display the actual URL. It has nothing to do with HTTPS. . .
What I wrote is how Safari's address bar works. If you are being connected to a site that is not what it purports to be, you will see the entire URL so that you can check it for authenticity. If it is the correct site, you will only see the primary Domain name.
I don't know what you mean by spoofing a URL. Hacking DNS? That will work, but will be hard to detect unless using HTTPS. Being found on a blacklist, such as Google's Safe Browsing database? That helps, but isn't definitive.
Or did you mean phishing URL's? I once got an email that wanted me to click on a Bank of America site. Mousing over the link, the URL began something like https://www.bankofamerica.com/security_validation?... but was too long to display in full. So, I copied it to the pasteboard and dumped it into an external application, which revealed that it ended in something like ...@www.something.com/, where www.something.com turned out to be somewhere in Russia.