When writing any kind of application that has more than one role it's often the case that you end up showing/hiding page elements based on the users security. This holds true for applications and Web Parts that are in SharePoint as well. Thankfully this is taken care of for us in WSS/MOSS, at least when it comes to Webs (SPWeb), Lists (SPList) and List items (SPListItem). All these objects (and potentially more) implement the ISecurableObject interface which among other useful methods and properties has the DoesUserHavePermissions() method.
This method takes one or more SPBasePermissions and will tell you if the current SPUser (or another one if you're checking SPList/Item/Web/Site) has the given permissions. There's a ton of permissions that are available, and they're analogous to what you would set in the permission screen in the SharePoint UI. You can find a list of them here.
It's important to note that the SPBasePermission enum uses the [Flags] attribute which means you can check many at the same time by using the bit wise OR (|) operator. You can check to see if a user has permissions on a list (or any ISecurableObject) this with code like:
//do something clever...
Because they all implement ISecurableObject you can use similar code on SPWeb, SPList and SPListItem.
To programmatically check to see if there is anonymous access allowed on a list you can do something like:
// do something clever...
Finally I'd like to share a wonderful control that's saved my bacon a couple of times. Because our changes to SharePoint should always be subtle and involve as little code as possible, it's often convenient to show hide content by declaratively setting down some syntax in SharePoint Designer. The SPSecurityTrimmedControl allows us to do just that. This control will hide content for any user who doesn't have the appropriate permission. I often use this control to wrap the Site Actions Menu to hide the "View All Site Content" when that's the only permission users have. For example:
Any HTML or controls between these tags will only show for users who have the 'AddAndCustomizePages' permission.
Note that the permissions that appear in the PermissionsString are analogous to those listed above, so strings like 'ViewListItems' apply. You can also set an optional PermissionContext which can be any of the contexts listed in the enum.
Hope some of that's useful.