The documentation for the information_schema.DISKS table says the following:
This plugin does not check user privileges. When it is enabled, any user can query the INFORMATION_SCHEMA.DISKS table and see all the information it provides.
It seems like this table should be protected by some privilege. Maybe FILE and/or SUPER privileges would be appropriate?