That thread is old and doesn't apply to the R in any way.
1) Almost no OEM stock recoveries allow flashing custom signed zips, only those signed by the specific OEM. Sometimes it does work though, if they don't set it up correctly. This is why we could root on JB on the O4X, it allows zips signed with test keys to be flashed.
2) Insecure kernel means you flash a rooted / ADB-enabled kernel on the main boot partition. Yes, it replaces the main kernel. No, it doesn't act, recovery has a totally different kernel. Flashing insecure kernel should only be done from custom recovery, doing so from Odin / Heimdall triggers yellow triangle.
3) It's possible from ADB even if you aren't rooted. You can dump with Heimdall too, Google gives a lot of results.
I'd be glad if you could spare me a few bucks. You can use PayPal.
Thanks very much to all donors, it is much appreciated!