Personally, I'm a bit of a security zealot. If you assign db_datawriter on the 'database' then all feature classes are editable by the ArcGIS Server user. You may have 100 feature classes in the database, but only 'say' 5 are intended to be editable via Feature Services. That potentially leaves 95 feature classes that are potentially editable from the web. That makes me uncomfortable.
Oftentimes, to ease administration I'll use db_datareader for the ArcGIS Server account. Then for editable services, I'll use a SQL user and specifically set the permissions layer by layer in the Change Privileges tool.
Obviously, it all depends on how risk-averse you are and the types of datasets you hold, but I tend to steer toward the side of caution. I also prefer to explicitly set view permissions in the same way, rather than using in buildt roles, but its often a compromise on what the clients needs are.
Just a thought.
Scott Tansley
https://www.linkedin.com/in/scotttansley/