The Helix table are scopes that can be used with Helix endpoints, the Kraken table are scopes for Kraken endpoints.
Yes, because if it didn’t support all scopes you would end up with services that would need their users to log in twice, once to get Kraken scopes, and again to get Helix scopes. By allowing all scopes to be processed together it means just a single login is required.
There are scopes that have identical functionality, but for different endpoints, such as user:read:email, and user_read. To have a single table would make it difficult to indicate which scope is for which endpoint, unless you also include a new column to indicate that but then you’re over-complicating it.
I think your confusion comes from you how you switched from the old authentication URL’s to the new one and assumed they were for different things.