security
the "read only" clients will be available on Internet
the other client will be available only on our INTRANET and with no VARNISH in front it.
AND performance although I can not evaluate the gain.
AFAIK you can't use read-only clients on Plone because there are GET requests that write to the database: a typical example of this is the creation of image scales on the fly when they are needed; I learned this the hard way many years ago.
you can secure your instances on a different way; for instance, you can remove the authentication cookies in you front end proxies on request coming from the outside world. that's pretty easy in Varnish, for instance:
if (req.http.Cookie) {
unset req.http.Cookie;
}
for performance, scalability and better use of resources I prefer not to separate instances to serve content for anonymous and authenticated users, but that's because the sites we host have limited resources; for me having a lot of underutilized instances makes no sense.
at the end of the day in our sites we have found the following:
backend instances are mostly used by crawlers
requests for anonymous users are mostly served by Varnish
request for authenticated users are the most expensive
we use a slave ZEO server just to avoid downtimes when the master server is unavailable, and also to have a copy of the database that is in sync all the time.