In standard Magento (at least up to version 220.127.116.11.) admin password is changed as soon as you do "Forgot my password". This can be potentially annoying if you have someone who is messing with you. Please note that I said "anoying", not "dangerous". All it takes if for that someone to know your username, and he can just do "Forgot my password" and the system would generate new password for you. Thus, next time you try to login, even knowing your old password can push you to do "Forgot my password" yourself. Extension sends confirmation email first, then after you click on the generated link sent in email it changes the password for you.
Extension should be safe for usage. It uses action pre-dispatch hook to hook into specific controller and specific action.