The get_categories function in datalib.php tests has_capability('moodle/course:create', get_context_instance(CONTEXT_SYSTEM, SITEID)) when deciding whether or not the user should be able to see each invisible category in the list.
This means that if you want a user to be able to see hidden categories you have to give them course:create permission. That seems a bit excessive to me, as I want people to be able to navigate to courses inside these hidden categories e.g my teacher's sandbox where they have permissions INSIDE the course, but I don't want them to be able to add courses anywhere.
May I suggest a new viewhiddencategories permission that would sit beside viewhiddencourses? Or just use viewhiddencourses in this function?