These are great points. In my reply I was maintaining the assumption of the legitimate aims of such an audit, but as you point out admin access in the hands of a nefarious or technically incompetent actor creates a risk of damage, accidental or deliberate, and that is an excellent reason to avoid sharing admin access.