No, you don't need to upload the _notes folder that are created by DW. those folders DW uses when you are working with the site in DW.
DataAssist/SecurityAssist already include code to prevent database injection. As far as the change to the php.ini, I'm not entirely sure how much performance you will gain from making this changes.
In regard to the .htaccess DA and SA should not be effected with an .htaccess file.