(2) The supernode system for fast approval of payments sounds like a good solution (and a solution is certainly needed) but how is it protected from hacking and defrauding? Payments are approved outside the blockchain, which is the only mechanism guaranteed to be fraud-proof (the whole point of its existence). So how is payment security outside the blockchain going to be implemented? There is no information about this that I can find in the white paper or on the website.
I'm not affiliated with GRAFT, so just speculating here. My guess is that if a supernode approves a transaction that turns out to be a double-spend, the money is taken from supernode's stake/collateral. Most of the time that is the idea of supernodes.