if you are able to install your own wireless bridge in your classroom (not sure if all routers let you do this, certainly ones supported by dd-wrt can), then you could log them into the router, then lock them into pythonista. on the router, you would set the firewall to only allow sites on a whitelist.
Another option may be a custom ui module, which you place in site-packages, and which stubs out ui.WebView, or maybe even implements a white list. You could show a "siteminder" page for sites not on the whitelist, so they think it is a router limitation and don't keep digging. Maybe log such attempts, so you can figure out who the aspiring hackers in your class are.
ok, another option... you could install into site-packages a pythonista_startup, which uses objc to swizzle the underlying UIWebView class to be nonfunctional. Then use the chmod trick above to prevent casual editing of that file.