Well, if you had access to grant table mysql.user you would have also been able to
SELECT User, Password FROM mysql.user. You got it? Yes, you would be able to hack that
mysql database. So it's a good idea that not everybody is allowed to "see" grant table.