[deleted] It's not about "thinking" you're in charge of the permissions. Play Services on GrapheneOS have the exact same privileges as all other apps you install. There's nothing unique about them. If you install any app and play services, they can do the exact same things, and they don't get a say in that. They're installed in the same context as all other apps, and the compatibility layer on GrapheneOS just teaches them to deal with that and function within those confines. You don't have to trust Play Services for that; it's what it is.
Beyond that, everybody needs to consider their own threat model. GrapheneOS doesn't only conform to one specific threat model. Your needs are not everybody's needs. Some people require Play Services to be able to get their work done. Would you rather they do this on an insecure device or a secure one in which Play Services doesn't have extensive privileges like it does on the Stock OS?
I'm not telling you to use Play Services yourself, but discouraging someone who needs them from doing so and telling them that using a different device for them in which they're the boss via privileged access can be harmful advice.