The information they're telling you Apple might access is not your Amex card #, username and password, but your transaction info.
You're submitting your card # and login details to Amex initially to set up their passbook pass, then they're creating a push arrangement on their own servers that feeds that data to Apple's Push Notifications Service (APNS) servers so that Apple can then forward it to your Passbook.
Apple wouldn't ever have, or need, access to your Amex card # and login deets, they only get the transaction info forwarded to them from Amex.
And, as they allegedly do with iMessage, all those push notifications that get routed from 3rd-party > APNS > to your iDevice, should all be encrypted, end-to-end, so it'd be tough to impossible for any rogue Apple employee to even look at those transaction details from Amex.
It would be just as likely for a rogue Amex employee to access your account from their own servers.