OK, I'm worried; unless I've completely missed something here, it seems as though the 'little guy' could get hit quite badly by SPF.
If you have no SPF records published , your email will continue to be treated as it is now (heavily checked for spaminess), so you should be no worse off.
I use the SMTP relay service provided by my ADSL provider.
You can publish this information in an SPF record.
If you trust the relay service to only relay your domain for you, ie an authorised login, with your domain allowed for you but no other users, then it's very easy to setup, and SPF aware servers will be confident whether your mail is from you (via your secure providers relay) or a forgery.
However reality is very different, providers relays do not normally limit the domain of users, even when authorised, so there is a risk of of users of your providers relay forging your domain.
Because of this you can publish an SPF record that states your domain policy, with the providers relay being "neutral" (? prefix). The effect of this is not as good as the secure example, but considerably better than nothing.
Any mail coming from your domain, through the providers relay being considered neutral, therefore as if no SPF, so you may think no apparent gain, why bother. However, any email using your domain, but not from your providers relay would be treated as a "FAIL", so there is a significant benefit.
Yes, a "clever" spammer could use a zombie within your providers network send mail using your domain through the providers relay, but it would only score a "Neutral", so normal spam filtering would apply, as it would for you.
It's not perfect, but since you are not able to secure the providers relay for your domain, its still a pretty good outcome.