Thousands of tutorials and blog articles on the web are now obsolete.
No, but they will require an update.
As long as the default sudoers setting doesn't require a password for sudo Raspbian is not secure at all by default.
Yes, and the filing system is unencrypted, and booting into single user mode gets you root access - horror!
If you have physical access to many computers you can do pretty much anything. You can't run sudo without a shell, and disabling ssh prevents 99.99999% of Pi users from getting a shell on your Pi.
I trust some people with a key to my house, but I still close and lock the door when I go out.