To answer #1, I run unstable, but compile my own kernel, so I couldn't have had this problem (although I've had many others with my own kernels
).
One thing I would suggest is leaving a relatively old kernel (2.4.something) as a backup choice for you to boot to, in case something ever happens. I leave 2.4.18-bf2.4 in my main system's boot menu for this very reason.
To answer #2, I believe this is specific to which program you use (aptitude, dselect, synaptic, etc). I don't know how to do it in regular apt-get / dpkg (if there is a way), but with aptitude you can say "aptitude hold pkgname", and I suspect synaptic's should be easy to find in the GUI. However, if you use another program to manage your package once, it will ignore the request to lock that package in the other program. For example, if you tell aptitude to hold the package, synaptic won't know anything about that "hold" status in aptitude, and will go through and upgrade the package you told aptitude to hold.
I believe this is how it works; if I'm wrong, hopefully someone else can enlighten us both.