This question oftens comes up when clients reach out to me for help on their site. I know it can be a scary thing giving out Administive credentials for your WordPress site that you have worked so hard on and have likely put in countless hours, but in order to work on a site you developer, designer, or consultant will need this access in order to get to work.
There is certainly a level of trust when handing over the keys to your castle but in all my years working for various hosts I think I have only heard about a few bad actors and honestly then there is a good story behind it. All in all I think you need to think when hiring someone to work on your site, its much like hiring a mechanic to work on your car where you likely dont even think twice about leaving them with your vehicle and handing over the keys only to be told that they will get ahold of you when the work has been completed.
Another thing that I have come across over the years working at hosting companies (Or my own hosting setup for friends and a few clients) as a System Administrator, front line of support is that how there are a lot of customers that dont feel comfortable giving you their WordPress login, which I have always thought was funny since their files and database are simply a terminal screen away accessible via SSH on the server.
All in all if a Systems Administrator, Support Representative, Developer, Designer or your Consultant is requesting the login details and you are paying them for their services its likely a safe bet to provide them with them or atleast creating a new WordPress administrative account for them.