1 - no. rbac still limits what objects you can act on, so if you are trying to run blcli (released or not) against a job and you don't have any perms on the job, you won't be able to alter the object.
2 - Command authorizations have nothing to do w/ the blcli. they only control nsh command execution. blcli is not nsh. there is no way to control access to the unreleased commands via rbac.
3 - not guarenteed, as mentioned in the post you referenced.
if you don't want people to use them, tell them not to use them, or atleast explain the risk of using them. if you start creating a lot of unreleased command sequences, start creating ideas for them so we can consider making released commands out of them.
thanks bill for clarifications...