The issue is that there is only one set of MWS credentials per pro seller account. They have also become ridiculously hard to change, so rotation is a problem without risk of disruption. The sub-accounts you are creating are for the Seller Central access.
The bottom line is that unless your developer is a highly trusted long-term employee, they shouldn’t have direct access to your (horribly) semi-permanent MWS backend credentials. Even if they are trustworthy, they risk accidentally exposing the keys in code or dev environment, and still require reasonable controls for protecting data generated during development or testing. Having the keys means control over execution and data generated.
If your development is secured well in the cloud, you can set up a signing function that your developer can call but can’t modify, and you can then secure the credentials separately (such as AWS Secrets Manager). That way you can control who/what can call the signing function, and block access when necessary.
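A sketch of the signing function described above, as an added example that is not part of the original post: the caller hands over request parameters and gets back a signed copy, while the secret key stays inside the function. The function and parameter names, the action allow-list and the injected `get_secret` callable (standing in for a secrets-store lookup) are assumptions; the signature itself is the Signature Version 2 HMAC-SHA256 scheme that MWS requests use.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Assumption: the only actions the developer's code may have signed.
ALLOWED_ACTIONS = {"ListOrders", "GetOrder", "GetServiceStatus"}
# Fields only the signer may set; a caller supplying them is rejected.
RESERVED = {"AWSAccessKeyId", "Signature", "SignatureMethod", "SignatureVersion"}


def _canonical_query(params):
    # Signature Version 2: sort by parameter name, RFC 3986 percent-encoding.
    return "&".join(
        f"{quote(k, safe='-_.~')}={quote(str(v), safe='-_.~')}"
        for k, v in sorted(params.items())
    )


def sign_request(params, host, path, get_secret, access_key_id):
    """Return a signed copy of params; the secret never leaves this function.

    get_secret is a callable returning the MWS secret key. In a deployment it
    would read from a secrets store the developer role cannot access; here it
    is injected so the example runs offline.
    """
    action = params.get("Action")
    if action not in ALLOWED_ACTIONS:
        raise PermissionError(f"action not permitted: {action!r}")
    if RESERVED.intersection(params):
        raise ValueError("caller may not set credential or signature fields")

    signed = dict(params)
    signed.update(AWSAccessKeyId=access_key_id,
                  SignatureMethod="HmacSHA256", SignatureVersion="2")
    string_to_sign = "\n".join(
        ["POST", host.lower(), path, _canonical_query(signed)])
    digest = hmac.new(get_secret().encode(), string_to_sign.encode(),
                      hashlib.sha256).digest()
    signed["Signature"] = base64.b64encode(digest).decode()
    return signed
```

Deployed behind an access-controlled endpoint, the platform's permissions decide who can invoke it, and revoking that permission blocks a developer without touching the MWS keys.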