The thing is I don't think this is up to the developer of the application to say if it needs to be installed on a separate server or not. Yes the developer have to provide you with installation instructions and make sure the application is certified, etc. but how the developer can control or require where the installation will be? It is up to the PCI-DSS requirements to state and control this.
http://forum.x-cart.com/showthread.php?t=63462&highlight=separate+server
Like you said - I am not a QSA - same applies to QT. They can state their opinion or interpretation, as well as their SAQ opinion or interpretation but as we all read a lot on this forum their SAQ was giving them advices and requirements with which many here disagreed of the way they interpreted it. I still think that your bank is the one to say how you are compliant. It is another question if the compliance officer knows what all this means or not. They may approve you and later if there is a breach blame everything on you for not following the requirements even if they approve the compliance
This is a very thin ice a lot of merchants walk on. And it is a very dark territory