change DNS last so that you don't loses mail during the switch since the mailboxes wouldn't be there yet
A redirect will only work if you are redirecting it to another domain name, that's already propagated - if you redirect example.com (current hosting) to example.com (new hosting) users attached to slow DNS servers will still be connecting to the current hosting. A holding page with a forced 503 status would be my choice.
Unless they've changed their setup, you won't get a non-web accessible directory (on shared hosting). Yeah you can set up your domains in their own dir, but if you were to have someone browse to the IP they can basically access everything you have...HTAccess files get tricky if you;
Code:
Order deny,allow
Deny from all
in the doc_root.
You also can't connect to external SQL servers, or use a local dev setup to access the 1&1 SQL server.