With the shared IP (solo IP for the server) I would rather suggest linking it to the hostname by default.
Just like if I open a page that has been linked to the server, but not installed within it, just show the 404-error-page.
Currently the behaiviour means that the first SSL-domain will be loaded. Even if it's self-signed and meant as a dummy, leading to access to the mentioned accounts directory - by default.
And as the IP cannot get a SSL certificate within the Backend, I see no reason for it doing so. Even if I set the shared IP to be Primary on another domain, the SSL-Error page still arises and there is currently no way of getting rid of it.