You can audit the code.

1. First make sure the project compiles without warnings. That means that all the methods they use have to be declared in their headers.
2. Then look at all the categories declared in the code (you can do this yourself, or find some tool to do that).
3. For all categories declared on classes provided by all Apple frameworks, make sure there are concrete implementations of the methods they declare in your code. If there are any categories on Apple provided classes that do not have concrete implementations provided by the framework then they are declaring the category in order to avoid compile warnings accessing private methods.
4. Look for calls to NSClassFromString, and make sure all uses of it are for public classes

There are some other ways they could be using private APIs, but they are not as common and tend to be caused by people actively trying to obfuscate what they are doing.

A little more on point:

I have audited YAJL-objc myself, and I am sure that Jon is doing nothing bad in TouchJSON, because he is damn fine iPhone developer. Beyond that I can’t see why any JSON library would be, there is almost nothing they can use hidden in the private APIs. It tends to be more common to use private APIs to achieve visual effects are interface with HW functionality that is not exposed, parsing is really just computational.