Relying on the way you happen to combine data, instead of using a function that's designed for authentication and has baked-in a safe way to combine the inputs, is a bad idea. "What if $EDGE_CASE_OF_INAPPROPRIATE_CRYPTO_FUNCTION" is never a good question to ask. Just use the right tools in the first place.
The first reason is because the questioner is looking for an excuse to use something different. In this case, your answer is the right answer.
The second reason is because the questioner wants to learn more about how cryptography works, for educational value. In this case, your answer is not helpful.