1) Those details are in the php source code, the only way someone could download that information is by gaining FTP access to the server.
site import will only download the browser source, not the raw php code.
2) This depends on how your host configures the server. Some hosts set it up so that the SSL pages have their own directory, others dont.
the 'This page contains both secure and non secure......' error happens if you Fully Qualified links to assets that use http protocol, for example:
<img src="http://mydomain/images/image.jpg" />
if the link is relative link:
<img src="images/image.jpg" />
you wont get that error.