What's your fear? If you control access to the servlet to the same degree you'd control access to the database noone can access the database. In fact, you can control things far more finegrained than would be possible (at least easily) by giving people usernames and passwords to the database directly.
You can quite easily create a system of logins in which people have read-only access to only some parts of the application for example. Try to handle that inside the database and you're looking at setting permissions on a per user basis on each table.
Of course if your servlet has no access control whatsoever everyone can access it and in theory cause a write to the database. But even then (unless you're extremely careless) they can only use the exact SQL you yourself defined, and not just do whatever they want.
subject: possible security issues with servlets connecting to a DB