I'll keep it short.
1) Going online safely. I read that the best thing to do is to only sign into PSN in-game, don't play any CoD and use the PSN-tool. Is this the way to go, or am I missing something?
There's always a risk no matter what you do. You lessen the chances by not signing into PSN with all the CFW stuff activated. PSN tool can help a bit. Cobra FW are even better due to how they can hide. Basically, if you're going to go online, assume you're going to get banned. If you have any purchased PSN content you care about, then just don't. You'll lose everything if the account is nuked.
2) Is there anything else really stupid I shouldn't be doing, e.g. installing certain patches and stuff?
Game patches are fine. Don't install what you don't understand. Don't mess with any plugins you don't know about. Don't screw with the flash. Don't randomly start installing CFW without QA flagging first. I guess an important one is if you do actually plan on installing a different CFW, don't leave a disc in the drive or mounted ISO - it will use those first and you'll get a nice rude awakening when it reboots.
3) Is it possible to change the HDD of a CFW-machine without having to re-flash? Or is it possible to use a 64 GB pendrive and just play backups from there?
You don't FLASH the firmware per se, but if you replace the HDD, the PS3 will format the new disk and ask you to put the firmware on a stick to reinstall. In that sense you will need to reflash the FW. But not with an E3 or anything. You can use external USB formatted as FAT32 to store and run games from - however the PS3 still installs game data to the internal drive. Some launchers and COBRA firmware support ISO & NTFS.
4) I still have two Xbox 360 controllers (wireless and wired) lying around. Is there any way of using them on the PS3 without an adaptor?
No. They are RF controllers for which the PS3 has no receiver. Adapter is required even for USB. The cost of the adapter is almost as much as the controller though. So up to you.
Without going online, what exactly am I missing out on? And would it still be possible to hook it up to the router and enjoy all the LAN-side of things (mostly FTP, hooking it up with a PSP/Vita) without ever signing into PSN?
Playing on-line... and that's about it. You could miss out on DLC - but meh, why buy if you have a chance to get banned and lose it all. Yes, you can download game updates, FTP, and browse the web without ever signing into PSN.
And what exactly are the consequences of a possible ban? Does it only block online gaming, or also block local features (like the 360 does)?
The latter. There are console bans and account bans. Console bans are console only, allowing you to spoof IDPS and CID and possibly get back online, however everything won't work. Account bans are complete closure. You cannot go online with that account and all purchases are lost. You could still technically get updates by downloading them through programs, but not through the game itself. Unless you desperately want to play on-line, there's no reason to connect it to PSN ever. Cheating or modding any game will end up with you banned anyway no matter how well you try to hide it.