For the second question, you don't have to buy the ssl certs from your host. I've had good luck with these guys:
Cheaper than most and it's a single root certificate that's recognized by all the popular browsers out of the box. I've been able to transfer them from one host to another without any hassle at all. They have a good support section on the site whether your a customer or not.