One good approach is to keep your project in configuration management (git, Subversion, ClearCase, etc.). The xtUML Editor integrates nicely with these systems. You can then allow read-only checkout (no “push” authority).
Another possibility is to allow a user to access a project (Import the project) from a file system to which they do not have write access. (For example, allowing them to import a project that exists in your home directory (on Unix) where they have only read access. This works, too.
Note that there is no specific “view-only” mode for the xtUML Editor. It might be a nice feature to add some day.