I am considering outsourcing some work but don't want to provide access to our instance for security reasons, disclosure of IP, etc. Has anyone engaged third party developers on that basis where as example you specify that the code be installable using the standard package methods and additionally using a source code/security review to ensure no security issues or back door code is implemented. I.e. best practices, etc.?
If we do custom design or development that requires modification of the code we ask for server access. Also in case clients had problems with installation of our plugins we ask for it too. Often there are permissions settings which are incorrect or some other server related issue.
Probably the best way is to have a dev. installation of the same server in some folder. It should not have any additional plugins and you can give access only to it.
Try to keep all new features in modules if possible. This way you won't need to provide any access. Except of course those modules will require complex setup on your server (for example video setup).
I think it's safe to give server access to developers recommended by SocialEngine team.