These three domains have been found to have been widely used by organisations for internal use, even though they are not available from ICANN.
Numerous representations have been made to ICANN that delegating these domains would cause "string collision", including by ICANN's own Security and Stability Advisory Committee. String collision occurs when the same domain is used by different parties, recognised by different DNS resolver trees, meaning that the user may not be directed to the resource they expect. This can pose a risk of phishing fraud. String collision is normally considered a risk of a split DNS root (i.e. someone trying to usurp ICANN's job), but can also occur when individual organisations make "private" use of an unregistered domain on their own network.
For example, if .corp were available for registrations then someone that registered fileserver.corp might receive traffic that users expected to go to a fileserver on their own corporate network - a clear security risk. By preventing these top level domains being delegated, ICANN has removed that threat from corporate networks already making use of them.