What do app specific passwords give access to?

I'm thinking of using a 3rd party email app on my iPhone (Airmail) and I'm guessing as I have two step verification (2SV) enabled I'll need an app specific password for this?

If so what access does this specifically generated password give to my iCloud account?

I'd like to think its only to my calendar, contacts, notes, reminders etc, NOT to my actual account and the things under that such as credit card details, physical address etc? Can someone enlighten me on this matter please.

I'm still too nervous to use 3rd party apps until I fully understand this process and its risks. Whilst I understand that giving access to my iCloud data has inherent risks these are mitigated by the trust I give the company involved and the level of access the app specific password would give anyone if it fell into the wrong hands.

I'd like to think that the password would never leave the app other than to communicate directly with the iCloud mail servers (in this case). I am aware that in this case (email app) then push notifications will require some 3rd party server intervention. I was planning on using fetch schedule rather than push as I don't get too many emails I immediately need to read. This would bypass all 3rd party server involvement I believe.

Any clarification help is greatly appreciated.

Radar