Default [Q] Question on SHA1

im a new android app developer, i signed my app then get a new SHA1 from eclipse, i plan to use SHA1 as my security key when connect to my server, purpose to let my server acknowledge that a request is from original app.

does SHA1 is public?
does rooted phone capable to get original SHA1
how to get SHA1 key during runtime?
if some one decompile -> modify -> recompiler my app, with SHA1 remain as "original" or become "other key" while get SHA1 during runtime?