You can expose parts of the API with Nginx or any other reverse proxy sitting in front of the IPFS API.
Also, since you can run js-ipfs directly in the browser, you can probably use it to add content to the network.
Also, IPFS Cluster has an API which supports basic authentication (permissioned endpoints coming up soon as well). Cluster might be interesting even with a single peer because of some API features, like attaching names to pins, or any custom metadata.