1: The installer requires you to give it the user info, so it will not create a user or permissions.
2: https://docs.kentico.com/display/K8/Minimal+secure+configuration has a listing for you!
3: See above link
4: I would say you should have the same privileges on both, so you don't have that as a variable if something needs to be debugged.
5: I don't believe Kentico uses any DDL codes for the database.
Hope that helps. As long as you don't provide ways for SQL injection attacks (through custom webparts or insecure macros), you should be fine. Kentico is very secure; I don't think we have had 1 hack of Kentico yet, and our company runs many, many Kentico sites.