You're answer for number 1 is not completly true. Its a good start, but it is possible to sniff traffic over switched networks using arp poising. If someone is using linux it can be done with ettercap.