There is not really a reason to restrict it that way in SAFE (at least as per these proposals), you should be able to have a WebID published at any type of URL, i.e. pubName-URL or XOR-URL, you could have safe://mywebid.nigel#me, or maybe at safe://hyfktced1wsgxzyxuiwrzrukgcagpxzowfy35zpo6hdd5jyhqxij84ri8uo#me. The WebID URL is just to resolve the location of where the WebID Profile document is stored and fetch it.
No, the XOR-URL is not stored as a pubName. The function we expose to resolve the pubName-URLs (webFetch) will also be able to resolve the XOR-URLs. This will be explained in the XOR-URL RFC (it’s also briefly mentioned in the other post where we are discussing about it).
When you invoke the resolver function, it’ll first try to decode it as a XOR-URL, if that step fails (either because it couldn’t decode the URL or because there was not data at the decoded XOR name), it will do a fallback to assume it’s a pubName-URL and try to find the pubName MD with the sha3 hash function, just like it works today for pubName-URLs.
I’ll leave Josh to answer the other questions 