It's fine as long as both exist and third parties are not allowed to know which one you're running.

Otherwise, you have banks and MAFIAA and others off-loading their own security and compliance costs to users by flat out discriminating based on the status of the sandbox.