When publishing a Feature Service, there should be a security option to just enable security on the feature service capability, not the map service capability as well. Currently, if you want to public to be able to see a map service, but do not want them to edit, you have to have two map services. Allowing control of security on all the possible capabilities on a map services would be ideal.