No, the point isnt to mask his ip, the point is so he doesnt have to input a range.
Ex his ip falls in 4.32.*.*, so he would have to make that his range
however if he had something like ir0xs0x.dyndns.com, he can update it to his current ip, so his rc will work with ONLY the ip he has now, instead of the range. This would be more sercure because the rc is only looking for one specific ip, as opposed to a range.
However, as Ben stated, one stealing passwords needs only to steal the dynamic dns service's password, ex. i could do some ultra cool computer breaking inness, get his dynamic dns service password, log into wherever, and set his dns to my ip.
However, if you had to MANUALLY update the dns (or manually enter in the password into your program, eg not saved) and the password was in your head alone, that probably would be very secure, pending your service site itsself isn't hackable.