1. That's what strong pass-phrases are used for - to limit the access to
2. You could say "sure - so you replace the password by a pass-phrase" but
you'd still need the private key, which is never transferred over the net.
3. You can allow access for multiple keys into the same account - therefore
you can trace which key was used to log in and track it back to the origin
and/or remove it if it was compromised (or do stuff like limit the commands
a key authorizes, or pair keys with originating ssh clients). On the other
hand you can't have multiple, traceable passwords to a UNIX account.
With passwords, at least that isn't a problem (assuming you aren't a
complete idiot and have the same password for everything).
With passwords it's enough to know (or guess) a relatively short string in
order to gain access. With keys protected by a pass-phrase you'll need a
string AND the unencrypted content of a file which should never leave the