Customer contract should provide sufficient protection in a change of control scenario. Acquiring companies can’t typically cancel acquired contracts in a change of control scenario without consent. However, oftentimes, a customer will want the right to back out of a contract in a change of control.
Now, from an acquirer's standpoint, it's common to see customer's consent upon the change of control and source code escrow. Typically, source code escrow is when the vendor is providing critical service and there is risk that the company could go out of business and shut down. That shouldn't spook any potential acquirer. Under normal circumstances, the acquirer would want to continue fulfilling the customer contracts (ie., revenue) unless it's to a competitor or something non-strategic. What an acquirer doesn't want to see is that the software assets are encumbered. You want to minimize the chance of giving any excuse to the acquirer to back out during due diligence (as that's your most vulnerable state). You don't want to sign up to any exclusivity. If you have to do it, time-limit is a good option or you can also consider an exclusion list (exclude name companies). Also, be careful signing up to multi-year obligations to serve them. Usually transfer service obligations are no more than 12 months as it is meant to give the customer time to switch vendors.
Any IP assets (software, patents, trademark) should be free and clear of all encumbrances/liens and ownership disputes. Some examples of encumbrances are the lack of employee/contractor invention assignments (which could lead to potential claims), any joint-IP that requires license back from a third party, even some gov't grants could trigger IP lien by the gov't. Restricting the buyer to use the IP that they are buying in a particular market/timeframe could a problem as the intent of the acquirer is to use/sell the software globally. Most contract lawyers should be able to advise you of all this. While the practical risk is low, acquirers back out of a deal because they used this as an excuse.
Just to be clear, M&A event alone doesn't trigger source code escrow release. Yes, source code escrow would give the source material that was deposited to a provider such as Iron Mountain to the customer. The norm is that source code escrow release happens only under the conditions that 1) the company goes bankrupt or 2) the company is in material breach of contract and fails to remedy the breach under x days. I'd just limit to these conditions. Anything more would be out of market.