If that is the case, why pull it when they got "caught"? There is no "source" to compare too, the crack is made by decompiling the original exe into assembly, looking for the DRM checks, and removing them or replacing them with code that always returns the check as passed. The crack exe is normally much smaller then the original, because a lot of assembly has been stripped out. Given the nature of the work and the age of the game, it's doubtful the original group is even around, much less willing to assist an entity that spends most of it's time calling crackers like them the scum of the universe, responsible for every lost sale since the beginning of time.
At the time, it was normal to have working cracks within 24 hours of release, so it can't be that difficult. Given the only way to prove the binary is harmless is to go through it line by line in assembly, it would be easier to develop a crack from scratch then verify an existing one, especially considering they have access to the source to look and see exactly where the DRM would be called to start with.
I think the crack is probably harmless, 99% of them are. But every time you run an exe as admin(as most of the people who buy this on steam will), you are pretty much letting it do whatever it wants. And that means caution needs to be exercised, especially when the exe has been modified by a source that is inherently untrustworthy. Verifying a binary is harmless is pretty much impossible, even ones made without malicious intent can be dangerous because of bugs. So we are left to the source of the binary to give us our strongest indicator of whether or not it is safe. In this case Rockstar is claiming to be the source, because gamers will trust them, but the actual source is an unknown, unverifiable hacker group known only by an alias and an irc channel. Since the main technical benefit of purchasing the retail product (ethical implications aside) is NOT having to run binaries from shady hacker groups, this is a betrayal of their customers.