Apple resellers are allowed to both perform repairs where the broken part goes back to Apple and just sell you a part. I believe their costs are way higher for the costs of an "one way part" so in practice, this does not happen much on major components that are not commodity parts.
In your particular instance, I would look to see when that specific model goes vintage. Presumably, Apple would then sell their stock of parts to the repair centers and for a limited time, there might be a nice supply (prices low) and no risk to the people carrying the part that their costs to carry inventory will raise the price of that part.
Even from reputable sellers, many parts that exist on the open market are scavenged from machines that are damaged (sometimes by liquid) and disassembled for parts and carry only a short warranty if any from the seller.
This is a good thing in almost all cases - reusing perfectly fine parts when they are properly tested is inexpensive and proper. The flip side, is what machines get damaged and don't get fixed? The worst kind of damage.
An iMac is very much not at risk from liquid but other things like power surge, can affect parts in an invisible way. Again, the question is of self-selecting. Which macs don't get cheap parts to fix the issues they have? The ones with major problems to either the display or the logic board.
For these reasons, I prefer to buy parts from a company I trust to know why a used mac isn't getting fixed so I can get good parts from them. Similarly, I'll gladly buy the damaged mac from the person that wants to sell it for parts so I can evaluate the damage myself. They are usually forthcoming why and how it got damaged ( and also pricing my offer knowing it may be a total waste.)
As always, finding a good mechanic - someone who knows the business and has experience with hundreds of repairs on your specific model and thousands of repairs under the belt is more important to knowing when parts can be used.
The sad fact is specialized and highly reliable parts outside of Apple's supply chain are too expensive to be widely available. It's hard for consumers to know if a good price is a lucky break or the seller has more information of the part's heritage and passing on hidden risk to the buyer.
Best Answer
You can probably trust the average genius team (since the machine will be under the watch of many people while it is out of your possession). From a legal standpoint, you have agreed to the AppleCare Repair Service terms and conditions by signing your property and data over to Apple. For the rest of this discussion on the contract between you and Apple relating to your data, I'll focus on the English north american contract.
It lays responsibility on the person bringing in the equipment to remove all confidential or proprietary information from the system. It also lays responsibility on Apple for having "security measures, which should protect your data against unauthorized access or disclosure as well as unlawful destruction." which a lawyer will focus on should which is more binding than may but less binding than shall/must. It continues with
But why not be a bit skeptical and ask why you might trust them. Sure they are probably trained to protect personal data of customers and respect privacy and there is social pressure to not be a jerk with your personal data.
Some devices (iPhones, iPads, Air and retina MacBook) require advanced skills and potentially damage to the equipment to remove the storage module, so this is something worth exploring a bit as not everyone can simply pop out the hard drive during service like older MacBooks allowed.
I would say never give your password until you understand why it is being used and you are fully informed and willing to take that risk by disclosing your secret. I would also say, when I choose to not entrust a specific password, that I've done one of four things when I have something in for service that was in the category of data requiring more protection than none.
Basically, If you hand your computer to Apple - you are handing it to someone with the tools and help to bypass all passwords(including firmware and normal physical security of the case) and read the data from the hard drive or just take the storage and keep it. Unless you have FileVault or other encryption (like 1Password) and withhold that pass phrase. A technician could if they wanted, make a full copy of your data and perhaps even go snooping. I would ask the genius (or technician) to help educate you to how security works before you proceed with this repair.
If you had a few extra-secret files, you cold put them into encrypted disc images.
There are many repairs where a password is needed to complete the service if your service involves software changes. Normally, this password is asked for to speed up the repair for you and let them replace any and all parts needed to complete the repair. If they are in and find you need a new motherboard, they could just do that if you give them the extra permission and password they need to do all possible work without stopping to contact you and explain what/why.
In your case, I would simply say you'd like to know a bit more about how they secure your password and your data during service. I would bet that the person asking for your password was lulled by the 100th time they've checked in a machine and forgot to ask you if you had any questions or perhaps missed your uneasiness about what was being asked. Once you've made your concern concrete by asking why they need it - you can then say you'd feel better not giving it and ask if that will either delay or prevent the repair. Any shop I trust will spend time to address these concerns to your satisfaction before they would accept your password. They would also lay out for you how to secure things again after the repair - change these three passwords, etc...
As a class, my opinion and experience is that Apple service technicians are highly professional, trained on privacy of your equipment and information and have thought out very well what, how and why they ask for someone's password. But even if bad things have never happened despite good training and policy, mistakes can and will happen in returning the wrong laptop or theft and your data is at risk when in the shop.
It is you in the end who have the right (and responsibility) to be a little suspicious - especially when it's not clear how your password will be used during a repair. The clearer you can be with your concerns - the more comfortable you will be with your choice to trust the specific team you interact with on a case-by-case basis.