Yes. If the hot spot wireless is not encrypted, there are a variety of capture and decoder tools that can be used to re-assemble email messages. Look into TLS security on your email client for security.
Yes, if the form is un-encrypted HTML. If the form is encrypted with SSL (https), then it's far more difficult.
Unlikely. Most wireless hot spots have "AP isolation" or "client isolation", which prevents one client from connecting or attacking another wireless client. There's no guarantee that this feature is enabled.
Laptops also have the ability to connect directly to another laptop using ad-hoc networking instead of going through the hot spot access point in infrastructure mode. It is possible for an attacker to directly connect to your laptop via ad-hoc mode.
Generally yes. Apple seems to take security more seriously than Microsoft. However, that doesn't prevent users from setting up their laptops in an insecure way. Open shares are open shares whether on a Mac or PC.