First off, I used GoDaddy.com to register a domain. I recommend them.
Second, I host locally and I pay for hosting (don't ask why).

Now, to answer your questions:

1. Will I have to pay for a domain - Yes, GoDaddy ($7.99 was the cost for my .com domain)

2. Will it slow down my internet surfing - As The Grunt said, how many people will be going to your site? If you can afford it, you can try getting a better internet connection (T1...)

3. What security risks are there - Depends on if you keep your software patched, and run your website responsibly. Patch those exploits, or you could get defaced, spammed, etc...

4. What do I need to secure the site - If you can, use SSL (HTTPS). Also, patch that software! Also, do what 'The Grunt' said.

5. What risks can not be secured - What 'The Grunt' said.

6. What is the best software to use (server software) - IMHO, Apache 1.3 or 2.0. I used Apache 1.3 mainly because of a problem with PHP (installation method). (My exact stats: Apache/1.3.29 (Win32) PHP/4.3.5) Also, check out http://www.apache-ssl.org/ if you wish to use HTTPS.

Now, on the situation regarding OSes. A Unix/Linux OS is probably better (PHP even recommends it IIRC) than a Win32 OS. I run Apache on W2K and it seems to run smoothly. When I can afford another machine (or find it), I plan on installing FreeBSD to run a runserver + mailserver.

In summary, have fun and just do everything with a little bit of intelligence.