You might also set up the database to be owned by "SA" even if (hopefully) the SA account is disabled and then include an EXECUTE AS OWNER in the stored procedure the user is using to send the mail (and I'm not talking about sp_Send_DBMail itself).
If there is no such stored procedure and you're allowing the user to use sp_Send_DBMail directly, I'd have to call that a "security risk" and recommend that you set up such a stored procedure.
--Jeff Moden
Change is inevitable... Change for the better is not.
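
A sketch of the wrapper procedure the post above recommends, added here as an illustration and not part of the original post. The names AppDb, dbo.SendAppMail, AppMailProfile, MailSenders and the example.com domain are hypothetical, and the TRUSTWORTHY setting is an assumption about how the cross-database call into msdb gets authorized.

```sql
-- Added example: all object names below are hypothetical placeholders.
USE AppDb;
GO
-- Assumption: the database is owned by sa, as the post suggests:
--   ALTER AUTHORIZATION ON DATABASE::AppDb TO sa;
-- Assumption: EXECUTE AS OWNER is database-scoped, so reaching msdb needs
-- either TRUSTWORTHY ON or a certificate-signed module:
--   ALTER DATABASE AppDb SET TRUSTWORTHY ON;

CREATE ROLE MailSenders;
GO

CREATE PROCEDURE dbo.SendAppMail
    @Recipient nvarchar(320),
    @Subject   nvarchar(255),
    @Body      nvarchar(max)
WITH EXECUTE AS OWNER
AS
BEGIN
    SET NOCOUNT ON;

    -- Accept exactly one address in the allowed domain; reject lists,
    -- whitespace and a second '@'.
    IF @Recipient IS NULL
       OR @Recipient LIKE '%[;, ]%'
       OR @Recipient LIKE '%@%@%'
       OR @Recipient NOT LIKE '_%@example.com'
    BEGIN
        RAISERROR('Recipient not allowed.', 16, 1);
        RETURN;
    END;

    -- The profile is fixed here, and @query / @file_attachments are not
    -- exposed, so callers cannot run queries or attach files through mail.
    EXEC msdb.dbo.sp_send_dbmail
         @profile_name = N'AppMailProfile',
         @recipients   = @Recipient,
         @subject      = @Subject,
         @body         = @Body;
END;
GO

-- Callers get EXECUTE on the wrapper only, with no rights in msdb
-- and no direct access to sp_send_dbmail.
GRANT EXECUTE ON dbo.SendAppMail TO MailSenders;
GO
```

With an sa-owned database marked TRUSTWORTHY, anyone who can create or alter modules in that database can run code as sa, so keep db_owner and DDL rights there tightly restricted.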