VLAN is tagging/trunking is necessary if you wish to do intervlan connectivity and filtering with the ASA. Concerning the use of VLAN1, if you don't do tagging you are using the native or untagged vlan. This is vlan one if you are looking at it from that perspective. If you enable the trunk, the physical interface would be the untagged interface and would communicate to the native vlan on the switch. The recommendation against using VLAN1, has a lot to do with management access.
The key point with the ASA is to secure the management to the device. You can go out of band with the "management-only" command, or use any ip interface and ssh and/or https. The communication is permitted or restricted by IP address. With the little ASA5505, everything is a concept of VLANs. With the ASA5550, these are really dot1q subinterfaces. In other words, you could tag a VLAN1 or not. It just needs to match the other end of the trunk. This is very similar to dot1q router on a stick with a router.
Regarding your questions, do what you need to do to secure the rest of your network. From the perspective of the ASA, you must match the L2 configuration of the directly connected devices. The real work for the ASA is configuring the transit rules. As far as management, use secure protocols (not telnet), good passwords, and lock down to ip addresses. If you are in a highly secure network, take a look at the management-only option. In all cases, follow an existing security policy if you have one.