There are so many websites these days that require you to connect. I've been connecting other wallets with low balances to test things out, but there doesn't seem to be much information around on what is good practice here.
My big balances are secured by Ledger, so I suppose I don't need to worry about the coins simply being stolen without my approval, but what if I connect the Ledger to approve some coins and it steals other coins or uses the approval for something else? Is any of this possible?
When should I not connect to a website?
An audit company is the answer to your question, mate, or read the open-source code of the project to verify the code. There's a lot of danger in DeFi, and the only way to minimize it is to connect only to websites that have a certificate of audit from a reputable company like CertiK. For normal users without knowledge of the code, we don't have a choice other than just trusting this audit company to do their job properly.