The iTunes Store uses HTTPS for most of it (if not all), at least that's how it was when I checked.
Regarding your specific question, you have to consider the iPhone is another regular device, albeit full of limitations in the tweaking department, it still runs a OS X variant, with derived UNIX parts, etc. So for the sake of this question, let's say your iPhone is a computer running some form of Unix Operating System; with that in mind, all the security risks that affect a computer are valid. Should the iPhone (and iOS) have a remote vulnerability, you would be exposed, just like your Macbook or your Windows computer or even your Linux Box.
Using 'open' Wi-Fi means anyone can log in and inspect the traffic. Anyone trying to do malicious stuff will be eavesdropping and listing for traffic in the network.
If you send an email, it will likely be unencrypted and visible. If you use IM (MSN, Yahoo, iChat/AIM, Jabber, etc.) you are likely not encrypted either (nor using a secure channel by default).
When using Safari, anything that doesn't go though some form of HTTPS is visible. Cookies and Data, with all the associated risks.
So as you can see, and excluding particular OS vulnerabilities, we're very exposed when using open networks. Most people doesn't really care or know but the risks are there (and so are the malicious users) :)
Connecting through a VPN will help with your traffic, but I have never used a VPN on an iPhone and thus I don't know what the capabilities of that are.
No.
IPhone will use the cellular connection for push notifications at any time, unless
Settings > General > Network > Cellular Data
is turned off.
Also, if the lock screen is on, then iPhone is connected to the cellular network, not wifi.
IPad is always connected to wifi, lock screen or no.
Best Answer
Your scenario won't work I'm afraid, because a TCP connection is created between a source IP address and port, and a destination address and port.
In your scenario, your phone's source IP address would change when switching network interfaces. This would break the connection, so the App store will not recognize that you already connected before, even though you securely connected over TLS (HTTPS)