Can I configure wordpress to use two database usernames, one to read (which has read-only permissions in the database) and one to post (who is hidden in a protected wp-admin directory) for security purposes?
The point is that even if someone hacks wordpress, they won’t have permission to do any harm.
WordPress does not allow this “configuration”. And I seriously doubt you would have any luck writing a plugin that would take care of this in a complete way. The WPDB class is heavily utilized throughout the site, and sifting through read-only vs write-enabled uses would be daunting.