• I'm interested in these reasons the application needs the db_owner database role.

    I'm with Lowell on this one: revoke db_owner and grant execute, db_datareader and db_datawriter.

    The login should have the least permissions it needs to do the work it needs to do. My guess is that creating new database users and granting them permissions is not among them. Also, revoking the permissions of others, dropping database users, disabling triggers and detaching the database should not be among them.
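The role swap suggested in the comment above, as an added T-SQL example that is not part of the original post. The database name `AppDb` and the database user `app_user` are hypothetical placeholders.

```sql
-- Added example. AppDb and app_user are hypothetical names; substitute your own.
USE AppDb;
GO

-- 1. Audit: list every current member of db_owner in this database.
SELECT r.name AS role_name, m.name AS member_name, m.type_desc
FROM sys.database_role_members AS drm
JOIN sys.database_principals AS r ON r.principal_id = drm.role_principal_id
JOIN sys.database_principals AS m ON m.principal_id = drm.member_principal_id
WHERE r.name = N'db_owner';
GO

-- 2. Grant the narrower rights first so the application never loses access,
--    then remove the db_owner membership.
ALTER ROLE db_datareader ADD MEMBER app_user;   -- SELECT on all user tables/views
ALTER ROLE db_datawriter ADD MEMBER app_user;   -- INSERT/UPDATE/DELETE on all user tables
GRANT EXECUTE TO app_user;                      -- database-scoped EXECUTE (procedures, functions)
ALTER ROLE db_owner DROP MEMBER app_user;
GO

-- 3. Verify from the user's own security context: role membership plus the
--    database-level permissions named in the post that it should no longer hold.
EXECUTE AS USER = N'app_user';
SELECT IS_ROLEMEMBER(N'db_owner')                                         AS is_db_owner,
       IS_ROLEMEMBER(N'db_datareader')                                    AS is_datareader,
       IS_ROLEMEMBER(N'db_datawriter')                                    AS is_datawriter,
       HAS_PERMS_BY_NAME(DB_NAME(), N'DATABASE', N'EXECUTE')              AS can_execute,
       HAS_PERMS_BY_NAME(DB_NAME(), N'DATABASE', N'ALTER ANY USER')       AS can_manage_users,
       HAS_PERMS_BY_NAME(DB_NAME(), N'DATABASE', N'ALTER ANY ROLE')       AS can_manage_roles,
       HAS_PERMS_BY_NAME(DB_NAME(), N'DATABASE', N'CONTROL')              AS has_db_control;
REVERT;
GO
```

If the login owns the database or is a sysadmin, it maps to `dbo` rather than to a separate user, and changing role membership has no effect until that mapping is changed.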