Hello, every one

i am hosting a bitcoind daemon on my vps, with my apache website, however, i still have few questions about it.


1: in my source code,"$bitcoin = new jsonRPCClient('http://superman:{super}@127.0.0.1:8332/'" here superman is a username,and super is a password, are they the same as wallet encryption function of Bitcoin-Qt? i mean if someone steal the wallet.dat, but he doesn't know this password, can he send any coins out with the wallet.dat? if this is just an independent password of bitcoind daemon, then how can i set up a password for all out going requests just like wallet encryption function of Bitcoin-Qt?

2: if the administrator of my vps, or a hacker hacked in my vps, he got the access of all my files, he saw my source code with the password, then he can steal all my coins with the password right? any other ways to improve the protection of such accidents? (because there are always new vulnerables found, for apache, for linux etc..)

3: how can i know about the translation fee before send bitcoins? ie, if a client has 15btcs in his account, and he send 15btcs out, how can i know how much is the fee of this translation before process it? because it might be free, it might be 0.01btc, it might be 1btc, i need to calculate the amount available before process his request. btw, i don't really get the definition of translation fee, is that obligatory or voluntary? if you pay, your request get faster process by btc network,if not, your request will still be processed, but just slower, right?

thank you for your help