As I mentioned above, it is appropriate only for something (or someone) you don’t trust (and not paid). For anything else only aliases.
Yes, but separating them will be better for hypothetical services hack. If something will leak it will isolate main mail from phishing/SPAM attacks.
Use Card masking if there is no other way to pay. But avoid bank transfers or payments if it is possible