I can't say what you should or should not do, because it depends on things I don't know or cannot know. And those things are largely non-technical. What are the security policies in your organisation? What sort of data is in that system? That is, how sensitive is it etc.
Another thing to weigh in is the skill level of the developers. If they understand that running Trace adds overhead, and that certain events adds tons of overhead, and they therefore are restrictive with their traces to what they need to know that certainly helps. And most of all, they need to understand that the simplest way to sink a server with Trace is to use Profiler, and therefore all long-running traces server-side, even better.
But overlooking these considerations, I would not be two worried over granting ALTER TRACE to these people. Although, I should hasten to add that since I work in a a developer role myself, I am partial. I would feel very handicapped if I cannot run traces.
Note: you said "trace", therefore I discussed in those terms. But if they in fact want to run extended events rather than trace, the same considerations apply. But the permissions are different.