Prevent user "click-expansion" of Exchange distribution group?

Your understanding is dead on. You could potentially maintain a number of different default address lists based on a user's access level (only letting them have a given group in their list if they're authorized), but that's incredibly ugly and would be nearly impossible to maintain.

One way to get rid of the expandability would be to use Dynamic Distribution Groups - they expand based on a query during transport, and thus cannot be expanded in Outlook.

This prevents access to the curious, but not the determined/knowledgeable - keep in mind that without some nasty permissions changes, a lot of the user and group attributes in question are readable to any domain user with the tools and knowledge needed to view them.


If you go in ADUC and right-click, Properties, Attribute Editor, hideDLMembership (set that to true), they will be able to see the group but will not be able to expand its members.


If you enable Moderation on the DL, users will not be able to click the "+" sign to expand the group. Attempting to do so in Outlook will result in the following message:


Of course, this means someone (or a group of people, if desired) will then have to moderate all messages that are sent to that DL. In our case, we wanted moderation anyway, so this worked well for our needs.

(This worked for me on Exchange 2010 SP3)
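
An added example, not part of any of the answers above: a PowerShell function that reports, for each distribution group, which of the settings discussed on this page (dynamic group, hideDLMembership, moderation) is in place. It assumes the Exchange Management Shell and the ActiveDirectory module are available; the function name `Get-DLExpansionControls` and the output column names are hypothetical.

```powershell
# Added example: run from the Exchange Management Shell on a host that also
# has the ActiveDirectory module (RSAT) installed.
Import-Module ActiveDirectory

function Get-DLExpansionControls {
    [CmdletBinding()]
    param(
        # How many groups to read; 'Unlimited' covers the whole organization.
        [string]$ResultSize = 'Unlimited'
    )

    # Static groups: check the two per-group settings mentioned in the answers.
    foreach ($dl in Get-DistributionGroup -ResultSize $ResultSize) {
        # hideDLMembership is not returned by default, so request it explicitly.
        $ad = Get-ADGroup -Identity $dl.DistinguishedName -Properties hideDLMembership
        $hidden = ($ad.hideDLMembership -eq $true)   # unset attribute counts as false

        [pscustomobject]@{
            Name              = $dl.Name
            Type              = 'Static'
            HideDLMembership  = $hidden
            ModerationEnabled = $dl.ModerationEnabled
            ModeratedBy       = ($dl.ModeratedBy -join '; ')
            # True when neither setting from the answers is present on this group.
            NoControlSet      = -not ($hidden -or $dl.ModerationEnabled)
        }
    }

    # Dynamic groups: membership is resolved by a query during transport,
    # so they are listed for completeness with no per-group flags to check.
    foreach ($ddl in Get-DynamicDistributionGroup -ResultSize $ResultSize) {
        [pscustomobject]@{
            Name              = $ddl.Name
            Type              = 'Dynamic'
            HideDLMembership  = $null
            ModerationEnabled = $ddl.ModerationEnabled
            ModeratedBy       = ($ddl.ModeratedBy -join '; ')
            NoControlSet      = $false
        }
    }
}

# Groups with none of the discussed settings sort to the top of the report.
Get-DLExpansionControls |
    Sort-Object NoControlSet -Descending |
    Format-Table Name, Type, HideDLMembership, ModerationEnabled, NoControlSet -AutoSize
```

As the first answer points out, these settings only affect expansion in Outlook; the underlying user and group attributes may still be readable to domain users through directory tools, so the report shows what is hidden from casual expansion, not what is access-controlled.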