The fact it has readonly in the name, will not make readonly just because of that.
One way to investigate this is to run:
EXECUTE AS USER = 'this_readonly_user'
SELECT * FROM sys.user_token
This will list all database roles the user is a member of, directly or indirectly. Maybe one of these have INSERT permission on the table.
Also check what permissions that have been granted on the table:
SELECT * FROM sys.database_permissions WHERE major_id = object_id('thistable')