To both of your questions: yes

Your privacy for paying ecash-to-LN is the same as with ecash-to-ecash except that the mint can see the LN destination (Lightning needs blinded paths for this). Much better privacy than any other custodial LN.

You can lock tokens with P2PK. Wallet support is still limited but it allows what you described. Token can't be stolen if the hacker doesn't know your private keys. 

Cashu txs are not reservible. Once ecash is stolen, it's stolen. This property also means that you enjoy strong censorship resistance as user though, which is why it's preferable imo.