Those are excellent questions. Your assumptions are correct.
The PIML Logins are for allowing users to use PIML software, specifically, the PIML PC and PIML Mobile software (I'll get to PIML Web in a second).
The connection to the PI Server is determined by your AD Credentials. PIML will attempt to use your windows login to connect to the PI Server. If it fails, it will fall back to use a trust. If it fails using a trust, it will fall back to PI User Login. When we send data to PI Using PIML PC, we are using that connection.
Now, we can also configure the PIML Windows Service which will automatically send data to the PI Servers. This service is running as a service account but overall the connection is handled just like your usual windows accounts. (Windows Authentication>Trust>PI User)
In summary, PIML Logins, determine if the user can use PIML Software and what tours/permissions they have for PIML. The PI Identity is the permission identity that the user has on the PI Server which determines if they can send data to PI or not.
PIML Web is a little different in that you can configure PIML Web to utilize your Windows AD Credentials to authenticate and use the PIML software AND connect to the PI Server using the same Windows AD Credentials.
Finally with regards to your question about PIMLUser and LabUser. My assumption is that PIMLUser is the Windows identity for all PIML PC Users on that particular machine. It is the identity given to all connections made by PIML PC for any user stemming from that machine. LabUser, if it has nothing associated with it, must be some unused identity which has no use for PIML.
Please let me know if you have any questions or need further clarification.