Swiftkey has a pretty good track record on this stuff, and they mainly use that full access to ensure the 'training' that is done syncs across devices. Also, Apple will bring up the standard keyboard when typing in password fields or credit card fields (if they're tagged correctly by the web developer).
FWIW, I have currently started using Swype instead of SwiftKey because of the full access requirement...just to be on the safe side (simply because while SwiftKey might not do anything bad with it, the fact is that the data may still be transmitted, and could then be intercepted. ) Though to be honest, I do like Swiftkey a bit better.
It is pure trust with no guarantee. However, that company is a legitimate business and one could assume that it is not interested in messing with you. How well it protects any information sent is another matter.
I don't use it myself since I like the iOS keyboard.