1) yes, there is code in place to prevent email injection.
2) The captcha solution provided in the contact form solution pack does not work with screen readers. It also does not support recaptcha, you would need to edit the code by hand to add recaptcha which is not supported.