It's going to grow hugely (at least as long as punters keep using bitcoin); there's an expectation that clients will switch away from using the full history sooner or later, and there are mechanisms prepared for remaining reasonably secure with shorter histories.

That's not even a large portion of the blockchain anymore. The full thing is 7GB now, and most of the large transactions are in the very recent bit.

This is basically true, actually. It'll either work or it won't, and you're just out of the bandwidth if it fails verification. At the absolute worst, you won't be able to accept any blocks from the network as a whole if it's fake, because the hashes won't line up. IIRC the official client (and most others) also include a hard-coded hash part way through the chain to help ensure you're on the correct one up to that point.

That's of course assuming there isn't some exploit in your client, due to e.g. unsafe reading of the file that could allow it to execute arbitrary code hidden in the blockchain file.

According to the thread I linked above, the software verifies the data during import.