You don't need hardened keys for this scenario. If you only publish the addresses, no-one can figure out the next in sequence.
So you can never spend the coins because this would expose the public key, which would allow further addresses to be derived?
But surely the public key of a single address cannot be used to infer the value of the xpub that generated it? The link to hardened keys suggests that the public key and the corresponding chaincode need to be exposed for that to be possible, so what am I missing?