@mmsaaa Using the “full access” option will allow Duplicati (and anyone with the token) to access and modify all files on your Google Drive.
In itself, it is not unsafe, but it grants way more access than what is required. Google has announced that they will remove this option, except for applications with a security review. So far they do not appear to have started enforcing this.
I have not yet seen a way that you can mark files as belonging to Duplicati, which would be really nice when you upload through some other means.
The only way I have found that you can make files that Duplicati owns, and thus using the limited access, is to upload with Duplicati. There is a Duplicati.CommandLine.BackendTool.exe distributed with the main application that you can use to make commandline transfers. Files transfered this way, using the auth-token from the link you posted, will be “owned” by Duplicati.
You can use this tool to upload files, but it is not as easy as dropping files via the Drive website.