Those fixes applicable to Yosemite will be available as a separate Security Update. Apple usually supports the current OS and the OS X version behind (for example, this for Mavericks was released in August: https://support.apple.com/kb/DL1834?viewlocale=en_US&locale=...). So security is probably not a reason to upgrade.
No, and thank God for that. The only thing Rootless prevents is system modification like iOS jailbreak, i.e. prevents tinkering with the system with things like debugging running processes or modifying system files (for example, utilities that modify the UI theme don't work with Rootless). Most malware out there is not that sophisticated, does not try to modify the OS and can still happily live in any other location of the system, like any other program.
