1) Assume this question is meant to say on a _different_ subnet? A different subnet is fine, assuming you follow documentation about not firewalling required ports etc, but it is only supported for them to be on a same LAN segment, i.e. no spreading them across datacenters or sites.
2) They'll share all desktop state and tasks
3) Adding a replica server is not a disaster recovery solution, they share the same desktops and pools
4) Correct, you can add multiple security servers toa given connection server, but each one must be registered to a specific connection server instance