1 - 2) when you go to the confirm page and use the modify information button, you need to bind the form elements on the checkout page to the session variables that are created. when you fail validation you need to bind to the Validated Entries. one way to get around this is to set the Redirect on validation failure to go back the checkout opage using a querystring value:
then use a ternary expression to use either the validated entry or the session variable, for example for the firstname field:
<?php echo((isset($_GET['valid']))?(ValidatedField("confirm","firstname")):isset($_SESSION['eCartCheckoutForm_firstname'])?$_SESSION['eCartCheckoutForm_firstname']:""); ?>
3) you dont need to keep the spry in place. it is really just used as a warning before the form is submitted that it wont pass validation.