For #1, please check sample source code.
WICED_MQTT_TIMEOUT and MQTT_REQUEST_TIMEOUT are used for semaphore.
They look added to detect some error on application layer.
For #4, have you tried sample application named secure_mqtt?
Thanks for your answer.
Yes, actually I've now figured out that secure_mqtt actually connects over TLS with certificates.