Yep.
This is true, though we are working with those large hosting providers to move them to HTTP-01, or to some possible future validation method that uses TLS but is more secure. Discussions about possible future methods are happening on the IETF ACME mailing list.
This was our original plan, but it changed as we learned more about the extent of the problem.
Renewals can happen under TLS-SNI, even if the original issuance was via HTTP-01. However, I'd definitely recommend against this as a strategy for long-term maintenance. 
If you have the ability to automatically integrate the DNS challenge, it is generally a great choice. It works for situations where you have multiple servers serving the same hostname. It will also be required if you want to issue wildcard certificates once our v2 API launches.