Hi Paul,
You are free to remove the permission element for "android.permission.INTERNET" from the AndroidManifest.xml. You'll also want to go to the www/config.xml file and remove the element for <access origin="*" />.
I built a quick test app that has two input boxes and a button and the code to multiply the two and display the result. I altered the:
<uses-sdk android:minSdkVersion="8" android:targetSdkVersion="19" />
to have minSdkVersion="8" (versus the default build of minSdkVersion="10") and then I deployed that to an Android Virtual Device running Android 2.2, and it ran fine. Your HTC Desire HD running 2.3.3 is a targetSdkVersion of 10, so the defaults should have been fine for you.
I'm a little unclear on what you aim is when you say "I think the crucial thing here is to avoid asking the user to use the internet." Are you trying to make sure you block all avenues for accessing the internet? If your app never tries to access the internet, even if it had permission, it wouldn't ever ask the user to use the internet. Locking down your app in the manner above will also prevent you from ever collecting any analytics about your app or from even presenting a direct link to a URL for support questions.
Perry