As an FYI I have forward this to CS Australia to reach out with you. I would recommend we look at this from a health check perspective.
Personally I believe using DMS and having publisher maintain permissions is preferable to NTFS. This provides a single place for an audit trial. Also I thought that is what we setup a few years ago.
My thoughts on your points.
1. Access point permissions has changed a little bit, however I am fairly certain that the ability to view a document is controlled by either the NTFS or DMS permissions. In your case it is the NTFS permissions. Section Access should limit who can open the document.
2. Security should not be on the Source Documents version of the application. It should be the permissions on the User Documents version. Again assuming that the environment is as it was a number of years ago. However I would recommend using publisher to specify the permission with the DMS permissions. This will allow you to verify authorisation via just the QMC rather than the QMC, NTFS and also the Access Control List.
3. I am not sure on this. However I believe the highest available license is assigned with Dynamic Assignment on.
4. Refer to point 1. Note that hte concept of ADMIN or USER is not applicable for Access Point. This is only applied to the Desktop Client.
If you have any questions then please contact me directly.