A) Study some other plugins to see how they bundle their code and look after activation/deactivation.
Getting your functions invoked by and feeding text/data back to WordPress can be done several ways:
B) Using shortcodes:
http://codex.wordpress.org/Shortcode_API
C) Using custom page templates, do this in a child theme.
D) Using hooks and filters:
List here:
http://adambrown.info/p/wp_hooks/hook
Details here:
http://codex.wordpress.org/Plugin_API/Filter_Reference
E) As for security, this is important, you must defend against user supplied input being let loose upon your database, there is a "prepare" function as part of $wpdb class which will help you.
