1. Basically, all crypto that uses "magic constants" without a clear and complete spec of how they were reached is highly suspect. That includes most ECC crypto the NSA has done so far and is likely the reason the NSA and some vendors like RSA are pushing for the use of ECC crypto.
Very true in general. With elliptic curves, you need to use specific curves because randomly selected curves are easily compromised. Only curves with very specific properties are acceptable, but as you point out the NSA has not publicly enumerated those properties. The very same thing happened with the selection of the S boxes in DES, but in that case it turned out that the NSA recommendations did, in fact, harden the algorithm from attacks such as differential cryptanalysis, an analytical technique not publicly known a decade later. Unfortunately the recommended elliptic curves have turned out a bit differently so far and thst shift seems to echo the changing mindset of the NSA and/or the administration that it reports to.