
Maybe I'm ignorant, but if the account the app is using doesn't have access to the information_schema, how do you do this?





I don’t think that’s a very common setup but perhaps I’m just exposing my own ignorance. Just consider the popularity of ORMs. They explicitly load the schema into the application in many cases.

Not just that, but perhaps the app is smart enough to lock you out the second it detects an attempt to gather the schema, e.g. by logging and automatically responding to a query that displays the schema. Then you have to look for other ways in (another IP, etc.). But if you know the schema in advance, you have a better chance of a one-shot injection that accomplishes your malicious goal.

In other words, advance knowledge of the schema may make it easier to act maliciously.
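Added example, not written by any commenter in this thread: a sketch of the detect-and-lock-out idea from the comment above, run over a constructed statement log. The log format, the catalog name list, the one-hit threshold and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Catalog names whose appearance in application traffic suggests schema
# enumeration (assumed list; extend it for the database actually in use).
CATALOG_RE = re.compile(
    r"\b(information_schema|pg_catalog|sqlite_master|sys\.(?:tables|columns|objects))\b",
    re.IGNORECASE,
)

# Constructed sample log, one entry per line: "<client_ip>\t<sql statement>".
SAMPLE_LOG = (
    "203.0.113.7\tSELECT id, name FROM products WHERE id = 42\n"
    "203.0.113.7\tSELECT id FROM products WHERE id = 1 "
    "UNION SELECT table_name FROM information_schema.tables\n"
    "198.51.100.9\tSELECT * FROM orders WHERE note = 'see information_schema docs'\n"
    "203.0.113.7\tSELECT name FROM products WHERE id = 3\n"
)

def strip_literals(sql):
    """Blank out quoted string literals so catalog names in data are ignored."""
    return re.sub(r"'(?:[^']|'')*'", "''", sql)

def scan(log_text, threshold=1):
    """Return (alerts, blocked) for a tab-separated client/statement log."""
    hits = defaultdict(int)
    alerts, blocked = [], set()
    for line in log_text.splitlines():
        if "\t" not in line:
            continue  # skip malformed entries
        client, sql = line.split("\t", 1)
        if client in blocked:
            # Already locked out: every later statement is refused.
            alerts.append((client, "rejected: client locked out"))
            continue
        match = CATALOG_RE.search(strip_literals(sql))
        if match:
            hits[client] += 1
            alerts.append((client, "catalog reference: " + match.group(1).lower()))
            if hits[client] >= threshold:
                blocked.add(client)
    return alerts, blocked

if __name__ == "__main__":
    for client, reason in scan(SAMPLE_LOG)[0]:
        print(client, reason)
```

A statement that never references the catalog passes this check untouched, which is the limitation the comment describes: it only catches clients that still need to discover the schema.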



