If I'm reading all this correctly, the responses depend heavily on how you intepret your statements.
-
TRUE, if and only if "any kind of content you want" is free of javascript (to protect your users), and you aren't inadvertently passing session data in the HTTP_HEADERS in the aggregation (to protect yourself). Otherwise FALSE.
-
TRUE, if and only if you assume "trusted sources" to be incapable of generating hostile content under any circumstances. Some people would never make that assumption. If you don't make that assumption, this becomes FALSE.
-
TRUE. This is also true for sites that aren't "relatively unknown".