By default, the base class methods in the fflib_SObjectSelector base class automatically perform object read security. The ability of the base class to enforce field-level read security is also available but is not enforced by default.
In both cases, if enforcement is enabled and user object or field-level read permissions have not been granted for the object or fields referenced in the getSObjectType and getSObjectFieldSetList methods, an exception will be thrown.
The WITH SECURITY_ENFORCED keyword has recently been added to the SOQL syntax. At the time of writing, it is in Beta status. Including this keyword in queries essentially performs the same security checks as described previously, but is implemented by the platform for you when the query is executed. In theory, the fflib_SObjectSelector and fflib_QueryFactory classes could be updated to utilize this feature once it is generally available without changes to their caller's assumptions with respect to object and Field-level security. The benefit of this would be less complexity in these classes and the calling code will leverage the natural optimization this brings over these classes having to make such checks themselves. As this feature is still in Beta, the community supporting these base classes has yet to make this change at the time of writing. Regardless of the base class support, if you are writing entirely manual queries in your Selector and wish to easily support checking object and field-level security, this is something to keep in mind.