So, to answer your questions.

* if you don't want to expose the names you give your password entries, then there can be a risk of putting your .password-store in a public repository on github or gitlab, or something. I would put your .password-store on a private repo if possible. To be clear, the passwords themselves are secure, but the names you assign to those passwords are not, so if you have a bunch of passwords labelled as sensitive IP addresses, I might think twice about putting those in a publicly accessible repo.

* I would copy the GPG key used to encrypt the passwords to each device you want to use pass on.

* You can use "PASS_HOME" (IIRC), but what I do is I clone the main git repo to ~/.password-store on each of the devices I use pass on.

To be honest, I'm not sure how I set up the main git repo. Hopefully somebody else can help you.