It might be a method to avoid trigger an overenthusiastic WAF, but these are all SQL tokens and keywords. It seems far more likely that they've blocked them in a desperate effort to catch injection attacks.
There might not be an actual attack vector, they might block these words in all inputs. It just smells like incompetence.
WAFs commonly block SQL keywords to prevent SQL injection, so it still holds that the WAF could do it.