Protecting the integrity of a payload is done via the use of a Message Authentication Code (MAC) also called a keyed-hash. Which one to use and how to use one securely? This is what this page is about.
No. This is vulnerable to a key-length extension.
If done correctly, yes. But it is not straight-forward to implement. So better use HMAC() or KMAC().
No. Since HMAC relies on MD5 or SHA-1's pre-image resistance. However, as attacks only get better, is it poor taste to continue using hash functions that have been broken, even in HMAC.