Yes you are understanding it correctly. I have always thought that this design is odd. Nowdays we have very few dynamic properties and have most of the "global" properties on a settings page.

Maybe you could do a control adapter that hides all properties on the specific tabs. Or a analyze the html and do a custom property that injects som javascript that hides the tab.

We have done the latter for use on some pagetypes.

I've used this code in the past to hide properties in Edit Mode.  Is there some equivalent event I could hook when the Dynamic Property interface loads, and hide it this way?

private void EditPanel_LoadedPage(EPiServer.UI.Edit.EditPanel sender, EPiServer.UI.Edit.LoadedPageEventArgs e) 
{ 
    e.Page.Property["Pagename"].DisplayEditUI = false; 
}

I did a little digging.  EditDynProp is the page.  The only event it throws is PageSetup.  In that event, the CurrentPage is not populated.  Additionally, the Controls collection for the underlying page hasn't been populated either, so I can't see a way to hide a control.

I opened a ticket with support, and they pointed me to this blog post by Anders:

http://labs.episerver.com/en/Blogs/Anders-Hattestad/Dates/2009/5/Hiding-tabs-based-on-roles/

Seems like a lot of work for something that should be simple-ish.  I feel like tab access should be controlled by group/user access, not page permissions.