Basically, some of the simpler stuff we can do to protect ourselves.
If the situation is happening ina unique instance, maybe they should try debugging from reading logs that their apps dump.
Thanks a lot for the tips but honestly, I wouldnt want to go through all this problems just to buy and use a web app. Isnt there a webapp, that is good to go after buying? (Thats what we want).
And the dont only ask for wp user access, they actually ask for cPanel access but from today I am only giving out ftp access. I am sure others can confirm too.
Some stuff I bought of here, had many problem that I had to keep talking to support after 4 months of purchase, just trying to straighten out the kinks and some of the issues were left to be resolved in the next update. So sometimes the whole support game goes on for a long time which makes the whole security aspect not fully certain.