It’s safe if a) the management interface is only accessible by trusted users and b) there are no bugs. You can take care of a), but you’ll have to trust them for b).
How it’s done: they send you to a special URL on your live site and pass a signature by which the plugin on the site can tell that this request has been triggered by the management interface, then set the same session cookies WP would set if you logged in regularly, and finally they’ll simply redirect you to the admin dashboard.