Permission features are really needed - the mere thought of having to set up and maintain two databases just for this is pretty ridiculous.
You can look at using read only shared views and links to forms (pre-filled in the link) to ‘update’ data (it would need to create a new record and then you would need Integromat to find and update the original and delete the updated one. This is very cumbersome and not really practical (quite apart from being very time consuming to set up).
I think the name used for Airtable Users (Collaborators) suggests that the original conceptual design of AT was conceived to encourage open and collaborative working - whereas in the real world most businesses need to secure at least some data (and indeed there is often a legal requirement to do so).
My feeling is that Airtable are probably working on this as we speak - and it’s likely to be proving to be quite hard. I look forward to seeing the result!