Being concerned about giving ACP access is a valid concern, and a concern that site administrators should never take lightly. That is a decision for each administrator to make.
With third-party applications there are many variables in play. Every site is set up differently (e.g., configurations, modifications, applications/plugins, server set up, etc.), and so it is impossible to take into account of everything. In most situations the applications do work out of the box. There are some cases when applications do not work as intended and part of the troubleshooting process is to determine whether the issue is global or isolated. As far as I can tell the issue is not global and the application author could not replicate what you've experienced. Based on what I've read, the issue seems to be isolated to your site. There's only so much you can do by posting replies back and forth.
The author asked for ACP access, not full ACP access to be specific. You could have PM'ed her and discuss what she'll need access to. If you do give out ACP access, you can restrict the access levels, such as restricting access to your members and payment information. For this particular app, it's unlikely she'll need access to those information anyway. But don't quote me as I don't know what the author requires. Below is what she asked for. I don't see "full access", just "ACP credentials". Excuse me for chiming in.