In 1), the file is transferred via the JMX protocol and port configured in the server profile. The data is transferred over that same connection which can be secured. We have a plug-in (.rar) that must be installed on the server side that listens to the connection and receives the file.
In 2) This is our SSH "Hook" to run a Pre, Post script and upload a File. The file can be anything or any server, not just an application. Typical examples are .properties files or .xml files that application depend on or .gif,jpgs that need to go to a webserver. The preferred way to upload an application is using the dialog referenced in 1)
in 3) I would consider that a documentation bug. The engine should support the SSH hook (file upload with tokenization, pre/post script)