1) No... as this user describes contribute works directly with the .html page. It would not work with dynamic pages which is required for power cms.
2) You can make a section of your web site secure in many ways. SSL certificate is probably not helpful for security in this case. More likely challenge/response permission level security or something like SecurityAssist can be easily integrated.
3) No. It works through your web site, so it has to be in the web folder. It would make sense to put it in a subfolder and set the permissions on that folder so it can't be accessed without user identification.