Is SFTP without keys still better than FTP?

3

I have a question regarding SFTP and security. Is using SFTP without keys still more secure (e.g. encrypted) than plain FTP?

JerA

Posted 2014-01-09T23:51:18.307

Reputation: 131

Answers

2

Yes, it's still encrypted and therefore much more secure. Just make sure to use a strong password, and it's best to use a non-standard port or you'll have bots constantly hitting your server trying to guess the password.

user55325

Posted 2014-01-09T23:51:18.307

Reputation: 4 693

1

Yes. Private/public key authentication just generally makes the encryption stronger, as the keys are usually way longer (1024-2048 bits) and way more random than a typical password.

Also with keys you can:

  • Use an SSH authentication agent to allow automatic, yet reasonably secure, authentication without the need to type a password every time (as opposed to insecurely storing the password in some profile)
  • Use SSH agent forwarding to automatically authenticate a session opened within an already authenticated session (SSH tunnel)
  • You can have multiple keys for a single account, each with different privileges (well, that's implementation-specific; you can theoretically have the same with passwords, but I haven't seen a server that would allow this).

Martin Prikryl

Posted 2014-01-09T23:51:18.307

Reputation: 13 764

0

It depends.

With SFTP, traffic is encrypted, so in that sense it is more secure than plain FTP.

On the other hand, SFTP is just a subsystem of SSH. You have to configure SSH carefully in order to restrict people accessing the server to a chroot environment and disallow shell and SCP access. That's usually granted by default for most FTP servers.

salva

Posted 2014-01-09T23:51:18.307

Reputation: 181
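
The restrictions the last answer refers to (chroot, no shell, no SCP), shown as an added example that is not part of the original thread: a small Python check over two constructed OpenSSH `sshd_config` samples, one hardened and one weak. The group name `sftponly` and the path `/srv/sftp` are assumptions, and the check only reads the `Match Group` block, not global settings.

```python
# Added example. Group name "sftponly" and path /srv/sftp are assumptions.
REQUIRED = {
    "forcecommand": "internal-sftp",  # sessions get the SFTP server, not a shell or scp command
    "allowtcpforwarding": "no",       # no port forwarding through the account
    "x11forwarding": "no",
}

# Constructed sample: SFTP-only group confined to a per-user chroot.
# sshd requires every component of the chroot path to be root-owned and not group/world-writable.
HARDENED = """\
Subsystem sftp internal-sftp
Match Group sftponly
    ChrootDirectory /srv/sftp/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
"""

# Constructed sample: the group exists, but its members keep shell and SCP access.
WEAK = """\
Subsystem sftp internal-sftp
Match Group sftponly
    PasswordAuthentication yes
"""

def audit(config_text, group="sftponly"):
    """Return findings for the 'Match Group <group>' block (global settings are ignored)."""
    settings, in_block = {}, False
    for raw in config_text.splitlines():
        parts = raw.split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        key = parts[0].lower()  # sshd_config keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if key == "match":
            crit = value.split()
            in_block = len(crit) == 2 and crit[0].lower() == "group" and crit[1] == group
        elif in_block:
            settings.setdefault(key, value)  # sshd uses the first value obtained
    findings = [f"{key}: expected {want}, found {settings.get(key, 'unset')}"
                for key, want in REQUIRED.items()
                if settings.get(key, "").lower() != want]
    if settings.get("chrootdirectory", "none").lower() == "none":
        findings.append("chrootdirectory: not set, users can see the whole filesystem")
    return findings

if __name__ == "__main__":
    for name, text in (("HARDENED", HARDENED), ("WEAK", WEAK)):
        print(name, audit(text) or "ok")
```
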