"We only ask for privileges we actively use, but unfortunately some of the permissions aren’t as granular as we would like."
I personally don't care if they "actively use" my admin password, they have no business having it.
I have applications on my Mac like Mountain Duck and the new version of ChronoSync that allow me to mount an SFTP or WebDAV server without handing my password to a 3rd party - they ask me to give them rights during setup (as they need to create a mount in the file system), but not the actual password. That's how it's done properly.
The moment you retain passwords that are none of your business you'll be the first to face questions when data is stolen or accessed by unauthorised 3rd parties. Not a wise move IMHO (well, OK, for my work the very concept of using an untrusted 3rd party would be anathema, but it works for some people).