I found some information about importing data into upgraded runtime solutions so I guess this answers a portion of my questions above.
You might find this thread on using data separation to reduce the number of times a scripted data import is needed useful: Convert to Seperation Model
2) Both methods are used. As you have noted, a runtime has limitations, so those limitations will control whether or not a runtime is a viable option.
3) While the customer's copy can have the Admin account removed, you keep a development copy with an Admin account. If you need to fix something, you fix your Admin copy, make a new copy with Admin removed and distribute it to your client. (And yes, this may mean that you include an "updater" script in the new copy to pull all the data from the previous copy into the update.)