I've been reading zero to monero and just learned about Pedersen commitments. Im not sure if they use different equations or not but the one i learned is

C = yG + bH

y is the mask and b is the amount. H is some know generator point µG where µ is unknown.

Is µ truly unknown and if its not unknown is this a security vulnerability? Also whats the purpose of H? why cant G be used in its place?