Hi jmbill3, as Marc mentions, if a user cannot Delete or Update your List or SharePoint object, they won't be able to do so just because they have access to the web services.
By Default, the "Read" site permission grants access to "Use Remote Interfaces - Use SOAP, Web DAV, the Client Object Model or SharePoint Designer interfaces to access the Web site. " which is all that is required to make use of the SPServices library.
That said, unless you are doing some security by obscurity stuff on your own, you are not exposing yourself to anything more by allowing access to the web services.
By Default, the "Read" site permission grants access to "Use Remote Interfaces - Use SOAP, Web DAV, the Client Object Model or SharePoint Designer interfaces to access the Web site. " which is all that is required to make use of the SPServices library.
That said, unless you are doing some security by obscurity stuff on your own, you are not exposing yourself to anything more by allowing access to the web services.