Your impression is incorrect. Current EMV cards do something called DDA, so charging the card (as a card-present transaction) requires the card to be physically present or you to have cloned the application off the card (which the card is designed to prevent you from doing).
You can still get the magstripe data if you compromise the terminal, but the network will (eventually) reject magstripe transactions made by a chip-capable card in a chip-capable reader. You can get the transaction certificate for one transaction, but that TC is protected from replay attacks.
Yup, you are correct. The chip acts as a proof of presence and a second factor of authentication. It is technically possible to export the cert off of the chip but it would cost several hundred thousand dollars and a lab with a Focused Ion Beam :)
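The replay protection mentioned in the thread, as an added example that is not part of any poster's comment: an issuer-side check that rejects a captured cryptogram when it is presented a second time or with altered transaction data. This is a simplified model, not the EMV algorithm. HMAC-SHA256 stands in for the card's MAC, the strictly increasing counter check stands in for an issuer's ATC policy, and the key, field layout and class names are assumptions made for the illustration.

```python
import hmac
import hashlib

def session_key(card_key: bytes, atc: int) -> bytes:
    # Per-transaction key bound to the application transaction counter (ATC).
    return hmac.new(card_key, b"SK" + atc.to_bytes(2, "big"), hashlib.sha256).digest()

def cryptogram(card_key: bytes, atc: int, amount_cents: int, un: bytes) -> bytes:
    # MAC over the amount, the terminal's unpredictable number and the ATC.
    msg = amount_cents.to_bytes(6, "big") + un + atc.to_bytes(2, "big")
    return hmac.new(session_key(card_key, atc), msg, hashlib.sha256).digest()[:8]

class Card:
    def __init__(self, key: bytes):
        self._key = key   # stays inside the chip; a terminal only ever sees outputs
        self._atc = 0

    def generate_ac(self, amount_cents: int, un: bytes) -> dict:
        self._atc += 1    # the counter advances on every transaction
        return {"atc": self._atc, "amount": amount_cents, "un": un,
                "ac": cryptogram(self._key, self._atc, amount_cents, un)}

class Issuer:
    def __init__(self, key: bytes):
        self._key = key
        self._last_atc = 0

    def verify(self, tx: dict) -> str:
        expected = cryptogram(self._key, tx["atc"], tx["amount"], tx["un"])
        if not hmac.compare_digest(expected, tx["ac"]):
            return "reject: bad cryptogram"
        if tx["atc"] <= self._last_atc:
            return "reject: replayed ATC"
        self._last_atc = tx["atc"]
        return "accept"

def demo() -> list:
    key = bytes(range(16))                      # constructed sample key
    card, issuer = Card(key), Issuer(key)
    first = card.generate_ac(1999, b"\x01\x02\x03\x04")
    return [
        issuer.verify(first),                       # genuine transaction
        issuer.verify(dict(first)),                 # same message presented again
        issuer.verify(dict(first, amount=999999)),  # captured message, amount changed
        issuer.verify(card.generate_ac(500, b"\xaa\xbb\xcc\xdd")),  # next genuine one
    ]

if __name__ == "__main__":
    print(demo())
```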