Let me try to answer some of these from my point of view.
-
Yes, you can do that. That of course has the smallest rate limit and you might consider creating a key that is tied to an authorized Twitch account.
-
I do something like this with the profile picture. I cache the URL that Twitch returns and only update after 24 hours. This reduces the number of hits on the Twitch API. You could of course update more often than that but, I would still recommend a cache setup.
-
Yes, this could cause you problems now that they are looking to enforce rate limits with Helix in the future. Kraken v5 isn’t quite as limited and the odds of you bumping into problems is probably a bit less. How I handle this is using the MVC pattern and never showing my client ID to the web browser. Everything is done within the Controller and the client ID is never shown in the View.
EDIT: Of course, as the previous answer indicates, you may still have risk during the authentication process. This is why it is best to look at using the OAuth/Bearer tokens for requests.
-
Yes. Higher rate limits when you get to Helix for OAuth/Bearer tokens because they are tied to a known user (is my impression as to why Twitch raises the rate limits).
-
Each has separate rate limits. The OAuth/Bearer token method and the Client ID method. You can test this by using software such as curl to perform a lookup both ways and look at the X-Rate-Limit headers returned.
-
In general, rapid API calls could get you in trouble. Either you will hit a rate limit or be contacted by Twitch. Again, caching is your friend.