Speaking strictly as a client:
@superj707I do see what you're saying. However this is something to consider when electing to use any third party file, be it a theme, plugin, application or other, in that if you do need assistance from the author for it then occasionally depending on what the issue is they may need to request access.
Obviously you are completely and utterly within your rights to not give them any access at all and I can fully, completely understand that although I also understand in such cases their support may be limited in what they can offer "working blind" as such.
Sometimes they might be able to give you some debug code or additional steps to throw out some information that may assist but I do as I put above very clearly see both sides to this as you may have confidential information to protect or such information may be covered by various NDA's or suchlike. This is before even considering any legal requirements of data access or things such as 'data protection rules / acts' into account either.
I guess it boils down to partly a matter of trust and partly to what requirements (both legal and say conscience) are present. or to put it another way "If I install this third party file and I am unlucky enough to have issues we (we being the author and the site admin etc) are unable to solve 'as is' can I allow a third party access or not?"
As you know not all issues are going to *need* third party access, it may be as simple as awaiting an update from the author for perhaps a "known but rare issue that only happens if you also have third party file x present too" or they may have a suggestion on what the likely cause is such as say another way of configuring the applications settings to rectify it, the later is only really likely with complex, large apps however I suspect.
One idea I have seen suggested in the past is to install a test board and install all the apps you have on the "live" board on that, so in effect you have a copy of your live board but minus the members and their data and if the issue happens there too, perhaps allow the author some kind of limited ACP access to that. You would also be able to setup for instance restricted FTP if they required filesystem access but again it boils down to trust. I realise this is not exactly ideal either for various reasons.
I do not immediately see an "easy idea or solution" to this although I shall follow this topic with much interest as this subject has come up before in the past. The 'remote viewing' is a good thought although if it was strictly viewing only then it may not be ideal however it is I feel in some cases possibly better than static screenshots.
Speaking as a Marketplace Mod:
Talking of files containing things they should not: I do look at new files for anything that should not be there, and they are tested in a decently "sandboxed" environment. If someone did upload a file **purposely** containing malicious code then I would not hesitate to have their upload permissions revoked.
Speaking generally about files: If there are any 'concerns' (for want of a better word) about a submission in our Marketplace then I'm happy to be contacted about said file and I'll download and examine it if required.
Regarding actual testing of files, apart from the obvious such as making sure "it does what it says on the tin" as such, there are other smaller tasks too, for example to check that it is not causing unwanted issues with other addons (files are tested with all official apps present and active) as well as reading any documentation provided in both the file description, any "readme" type files in the submission itself and more minor items such as checking the screenshots match the file.