1) Yes, each page that is to be secured by security assist needs to have the access restriction code applied to it.
2) Security Assist does not really have anything to do with PCI Compliance.
Using Security Assist with eCart will not necessarily ensure PCI Compliance, the only thing it will do is force the user to login to your site before they can checkout.
PCI (Payment Card Industry) standards do not require user registration / login in order to checkout. PCI standards are more associated with using HTTPS to encrypt payment information that is sent from your site to the payment gateway.
you should find this page helpful in understanding what PCI compliance entails:
3) HTTPS is not necessary for Security Assist. however, since you ask about PCI Compliance above, it should be noted that PCI standards require HTTPS when Personal Data is being transferred from the Client Browser to the Server and Vice Versa. For example, during Registration and Login when the user enters information that is then set to the server.