The form input is sanitized by wp_kses_normalize_entities( string $string ), see:
https://developer.wordpress.org/reference/functions/wp_kses_normalize_entities/.
You can deactivate it by using the kses option, see:
https://www.advancedcustomfields.com/resources/acf_form/
<?php
acf_form(array(
'fields' => array('res'),
'submit_value' => 'Send',
'updated_message' => __("", 'acf'),
'kses' => false,
));?>
However, it is never a good idea to not sanitize user input. If you pass up on kses, you should sanitize it some other way that watches out for links and leaves them intact.
