- Bitcoin and its offshoots, like Decentralized ID have been focused on using non-standard crypto under a mistaken assumption that they will thus not be the first crypto to be cracked over the near future. Unfortunately they also means that these non-standard cryptos are not implemented in hardware modules, like the one inside of Android Smartphones. That means that they must be used in less secure execution environments.
- You can set any values you want for rpcuser and rpcpassword in bitcoin.conf. Those values will be your username and password when you will be connecting to your bitcoind through HTTP JSON RPC. Also be sure to set other important values in .conf file, like server, rpcallowip and a few others to ensure your server is running correctly and securely.
- A Data Directory is included in the Bitcoin wiki.
- Is secp256r1 more secure than secp256k1?
It is said that "Satoshi picked non-standard crypto (secp256k1) which conventional wisdom says will be cracked in 5-10 years."
The main difference is that secp256k1 is a Koblitz curve, while secp256r1 is not. Koblitz curves are known to be a few bits weaker than other curves, but since we are talking about 256-bit curves, neither is broken in "5-10 years" unless there's a breakthrough.
The other difference is how the parameters have been chosen. In secp256r1 they are supposedly from random numbers, however, it is impossible to prove that's really the case. See e.g. these slides from Bernstein and Lange for an easily understandable treatment.
The Koblitz curve, on the other hand, has had its parameters chosen relatively rigidly. The post runeks linked in the comments has an explanation for why they were chosen.
So rather than saying one is more secure, I would say that the risks are different. If neither curve has backdoors or accidental weaknesses, both are secure. The few extra bits of security secp256r1 has won't matter unless you happen to own e.g. a moderately sized quantum computer that can just manage one but not the other. It would have been easier to backdoor the secp256r1 curve, but on the other hand, Koblitz curves as a class could be completely weak in some way not currently known.
I.e. which to prefer is somewhat subjective. If you don't like Koblitz curves but are afraid secp256r1 is backdoored, there's always the option to use some other curve designed according to criteria you like. (Though you cannot, of course, change what BTC uses.)
"Coins" and transferred on Testnet they same way that they are on Mainnet, but they have no value.
- Testnet on the bitcoin wiki.
- Learning How to Use Bitcoin: A Beginner’s Guide to Using the Bitcoin Testnet