I feel like you could do this just watching network traffic, and judging by the fact that nobody's done it, I also feel like there's some mechanism preventing this that I'm not knowledgeable enough in the subject to be aware of.
The official Twitter app is possibly using these premium endpoints, so its token has access to those. If you "grab" that token(s) somehow, you can go ahead and use it in your app, I presume. I don't know how this will work when your app wants to connect to someone else's account, however.
Nefarious purposes, mostly. I can crawl without rate limits (well, there are rate limits, but it's much harder to hit them), and I also can spam a lot without getting my account flagged (but it eventually gets flagged, of course).
By spamming I don't mean the usual "click on this link and I'll show you my tits" spam; if you create a useful bot that sends "expected" mentions (for example in response to mentions you receive, and not just spam) it will get banned in a matter of hours. With their "secret" tokens, it won't get banned.