1) The SPF record is the most important thing. Use the email from the domain so firstname.lastname@example.org, where whatever.com has the SPF records set correctly.
2) It's always good to throttle email, especially when first starting out. You should check your shared servers policies, which are normally 200-500/hour. Calculate how many seconds that comes to. For example 300/hour is 1 every 12 seconds. After a few weeks of sending good emails, you should be ok to send larger amounts.
3) You can have the cron file outside the webroot or limit access via .htaccess or another method.