If you're running any software on a computer that others have access to login to or to the file system, you're already at a disadvantage if you're trying to minimise or control access.
Ultimately, if you have R/W access to files on the disk or the memory of the computer/server running any software, you can reset passwords, or use other methods to break in - like reading passwords out of active memory, stack tracing, or other available "debugging" methods.
A vendor can bake in some kind of 'protection' so you can lock a system down (like non-resettable admin passwords), but ultimately these are just a deterrent - with some effort, this kind of thing can often be overcome. As an example, Mitsubishi Alpha PLC passwords are easily discovered if you know what area of memory to read from their config tool when it 'tests' the password you enter. Ask me how I know ;p
The best approach to protect your work is to deploy as a 'black box' type system. You run on a MangoES, Separate physical server, or Virtual Machine, where you give your client only the minimum access required to use the system such as a less privileged user to login via web browser only to a dashboard. This also gives you the opportunity to sell them 'support' on either per-incident or subscription basis for the deployment.
Hope this helps!