|1) Yes the hosting provider will give you FTP or SSH access to upload your files. |
2) Depends on how it's built - you should clarify that with your coder. A site with a CMS (Content management system) is generally going to cost more.
Hackers - again, depends on your CMS. Keep it up-to-date and follow best practice security procedures.
3) Well...your coder needs access to your site. And, the site is the only thing on the server (hopefully...?) so...he'd only have the ability to hack your website at most (so...I don't get the question...). If you fire your coder then yes, change the password.
4) I would highly recommend using a payment gateway like Paypal or Google Checkout. If you're storing credit card numbers in your database, then you're liable if they're lost or stolen. I refuse to work with credit card numbers, I do everything through a payment gateway so I don't have to deal with the added security. SSL alone is not enough (SSL only encrypts transit - what about storage?)