#1 No. I use Cloudflare. When Cloudflare needs to refresh its cache, it pulls from your Wordfenced site, just like a regular user.
#2 What's there won't conflict, but personally I'd take it out. Cloudflare does a good enough job for me in setting cache times. My htaccess doesn't have sections for deflate, .ico, and cache-control.
#3 They did what I pretty much did: block access to xmlrpc for all. I'm not sure what the point of the 403 section is since it allows access for all.