To answer your first question, doing all of that on one machine is fine. The number of users is small enough it won't matter. We used to run 900 users under 4.1.6 with a local SQL and everything else running on the same server. The decision on whether to use the full or express version of SQL really depends on your needs. It sounds to me like SQL Express would be sufficient for you. We ran the full SQL.
As for your second question, sorry, but I can't be of any help. We still have public folders enabled, so I'm not sure what would happen. I can say that even if you enable public folders, it doesn't mean you have to tell users about them.