Perversely, a well-timed DNS record update and cache expiry could make a URL not-equal to another URL made from the same string of characters.

That's the essence of a DNS rebinding attack, which can be used to bypass server-side request forgery vulnerability mitigations.

I might be wrong, it was a long time ago, but IIRC a different DNS rebinding attack was actually part of the reason this behavior was introduced to the URL class, to help protect against such attacks in Java Applets.

Hell, no need for a record update: just multiple A records for the same hostname, with a short enough TTL that two different URL instances could conceivably resolve differently.