I recently went through a similar proof of concept corporate iPad deployment and had the same questions walking in. The direction we went might not be the best solution, but it worked for us and maybe it will give you a hand with your deployment.
Know your Audience
Early in our deployment it became glaringly obvious that this would have to be a simple solution. Apple devices are designed to be simple, that's the draw in the corporate world. Our main audience was managers, VPs, and CXX level executives. A good number of these folks either aren't technically savvy enough to deal with a complicated configuration, or simply don't have the time to fuss with a device.
It should just work, out of the box, like it was designed.
Just Say NO to Multiple Accounts
Firstly I can see one big problem with your initial plan. By stating that you have an account created with a secret password I'm assuming that you're having a helpdesk configure the devices and install the software before they're handed over to your end users. What happens when an application is updated in the AppStore? Your helpdesk will have to enter the password to have the application updated. Depending on the size of your company this could eat up a ton of time, and most of your end users most likely won't ever bother to go through the process to upgrade.
Additionally, when John Doe leaves the company, the software purchased for jdoe@acme.com will be assigned to John's replacement Fred Flinstone and his iPhone. You now have fflinstone@acme.com using the account jdoe@acme.com. It might not be a big problem at first, but this will easily get difficult to manage down the road.
Mobile Device Management
Depending on the size of your deployment you might eventually start looking at one of the many Mobile Device Management (MDM) solutions out there. We did. It's likely that things will change in the future, but as of this posting we didn't find much that an MDM solution would bring to the table that our Exchange environment wouldn't already provide.
MDM offers a simplistic way to deploy VPN, Wi-Fi, and user profiles. If you're not using Exchange or aren't comfortable with rolling your own solution you might gain more from one then we were able. Other benefits would be device tracking, and enabling your helpdesk to do basic device troubleshooting, device wiping, remote locking, etc. Read the link to Wikipedia above for more information and a decent list of the bigger vendors in the field.
Application Purchasing
We first identified a list of applications that we would recommend for different tasks, and published the list and relevant links on our company intranet. Initially we installed a few applications when we initially configured the device, but ran in to the time problem above. We calculated a total estimated dollar figure of all applications that an average user would purchase and bought gift cards for that amount + an additional X% for growth. This was more convenient for how we do purchases then gifting would have been.
Apple recently announced their Volume Purchase Program (VPP), and you might want to look in to that if the solution above isn't any help.
Further Reading
Best of luck to you, we learned that smart devices in the enterprise is a rapidly growing environment and there's no "right way" to do things yet. Apple is constantly improving their tools to make the transition better, but they're not quite there yet.
Best Answer
Having an MDM doesn't change the permissions and app deletion behavior on iOS so it only facilitates getting a redemption code onto the device.
What really matters is who signed the app. If the app is signed from Apple - then it doesn't matter if it came from iTunes, iCloud restore, MDM or Apple's app store. A user can either delete all apps or no apps based on the iOS profile in force.
Now, for enterprise signed apps (or developer signed apps), you can tie a signing certificate or trust chain to a configuration profile and ensure that apps signed by that cert get deleted when the profile is deleted.
So a user can decide to remove one app or remove all apps or remove the profile. But the user can't remove the profile and have the apps remain.
This is a nice general overview. If you select a particular MDM solution (Casper, AirWatch, Mobile Iron, etc..) or just use iPhone Configuration utility or Apple Configurator - you can re-ask this to nail down your particular deployment scenario and we can dive deeper into what you seek to accomplish.