You get what you pay for. In this case you're paying nothing and getting something, so stop complaining. Anyway, if you have to ask this question then you've missed the joke entirely.
No. Neither bit is given any encryption at all, whether on the server or over the network.
No. Therefore, please take care when choosing your password. In particular, don't pick a password that you use for anything important, because there's absolutely no security at all.
Well, there isn't any, so you shouldn't be worried unless you use the same password for your online banking account or something. (So, don't.) Your password is sent in the clear across the network, and state is maintained by storing your password in the various forms as hidden variables. To see how horrendously insecure this is, log in to your account and view the source of the resulting page. See that? Yes, it's your password sitting there in the clear. I know this is a horrible hack, but it'll have to do until I work out how to use cookies.
By default, no. However, you can tick the "Allow others to view my bits" box to allow this. Once this box is ticked, anyone can go to http://graeme.woaf.net/cgi-bin/twobit/twobit?viewuser=foobar (where foobar is your user name) to view your bits.
If you provide them yourself, yes. You've got two bits in which to store them.
If you do it subtly enough that I don't notice, yes.
To sign up for an account, go to the registration page.