Well, much as I agree that it would be appropriate to know these sorts of things in advance, I think we need to remember the project is still in beta.
I did manage a workaround, however.
At present, VM doesn't fully support the new Joomla 1.7 ACL shema so far as I can see. If you authorize someone for the back end, VM shows up no matter what their member group.
Here's what I did:
1) Create a new user group off of the 'Public-Administrator' group. Name it 'Site Admin', or something like that.
2) Go through ALL the components OTHER than VM and DENY permissions (for each component look at the top right for 'options')
3) Assign selected users to that group.
This will get you where you need to be, although it's a bit messy, and can expose other components that are also not fully 1.7 compliant (like Chronoforms) to the user. Probably a good idea to make regular backups using Akeeba.