The official Twitter app is possibly using these premium endpoints, so its token has access to those. If you "grab" that token(s) somehow, you can go ahead and use it in your app, I presume. I don't know how this will work when your app wants to connect to someone else's account, however.
Nefarious purposes, mostly. I can crawl without rate limits (well, there are rate limits, but it's much harder to hit them), and I also can spam a lot without getting my account flagged (but it eventually gets flagged, of course).
By spamming I don't mean the usual "click on this link and I'll show you my tits" spam; if you create a useful bot that sends "expected" mentions (for example in response to mentions you receive, and not just spam) it will get banned in a matter of hours. With their "secret" tokens, it won't get banned.
And you can do it if you want. I do it. I'm sure many more people do it.