I am currently able to let users use Flow without any admin's permission in case self sign-up is acceptable, even when the Office 365 tile is hidden with a deleted license. When I wish to restrict users' utilization of Flow as an internal security measure, I am unable to set a limit only on each tenant. That is very inconvenient for me. As a consequence, I hope you forbid users with a disabled license from using Flow because of security concerns.
There is a difference between licensing product features in an application (like Microsoft Flow) and permissions to access an application in the first place.
Licenses can be used to grant or remove features. For example, if I want to enable the custom connector feature I can assign the Flow Plan 1. If you enable/disable the Flow for Office 365 plan, that enables the features that come with that plan, such as Team flows.
However, licenses shouldn't be used as a mechanism to grant/remove access to the whole application (to block/allow login in the first place). For that, Azure AD is the recommended approach. You can use Azure AD conditional access to ensure that users in your organization log in in the right place, or are even blocked entirely. You should be using conditional access if security is your concern, not licenses.