Hello,
to (1): The communication between Secure Login Server and Secure Login Client should be secured by SSL to prevent eavesdropping. So its recommended.
Why do you not want to use SSL ? Or do you mean the communication against ABAP? Here you can use SNC with SAP GUI instead of the web based UI with SSL.
to (2) : Yes you can bind the UME against an AS ABAP DB. Then as authentication method on the Secure Login Server the "Basic Password authentication" can be used.
But if you use Kerberos/SPNEGO as authentication method with Secure Login Server, its recommended to use the Virtual User feature or bind the Active Directory against the UME.
What kind of authentication method do you want to use?
best regards
Alexander Gimbel