To give an answer to your second question:
The _users db holds the user documents with username and password-hash,
created when a user gets registered.
I would not recommend storing user-specific data there; typically you want
the users to live in different systems with different user profiles.
Instead I would create encrypted user profile documents.
The reason for the concept of having a database per user is the fact that
in CouchDB everybody with access to the database is able to read each of
the stored documents.
(At this point, write access can be managed by document update functions in
_design documents.)
You can regulate read access to databases only. Read access on document
level is not possible yet. If each of the users has their own database, you
can regulate (in database security objects) which user and/or role has
access to it. From there documents can be replicated to a public database.
Another approach is to encrypt all data on each document but not the keys
used for map-reduce views. From there you can regulate access to encryption
keys on document level based on user profiles.
I would prefer the second approach; as you said, thousands of
user-databases lead to high complexity, at least in release management.
Cheers,
Harry
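
The second approach described above (encrypt the document body, leave the view keys readable), sketched as an added example that is not part of the original message. The field names, the `enc` envelope layout and the choice of AES-256-GCM with `_id` and view keys bound as associated data are assumptions made for illustration.

```javascript
// Added example, not from the original post. Field names are constructed.
const crypto = require('crypto');

// Fields a map function would emit as view keys; these stay in cleartext.
const INDEX_FIELDS = ['type', 'created'];

// Associated data: ties the ciphertext to the _id and the cleartext view keys,
// so a stored payload cannot be moved to another document or re-indexed.
function aadFor(doc) {
  const bound = { _id: doc._id };
  for (const f of INDEX_FIELDS) bound[f] = doc[f];
  return Buffer.from(JSON.stringify(bound), 'utf8');
}

// Split the document: CouchDB's own _fields and view keys stay readable,
// everything else goes into one AES-256-GCM payload under `enc`.
function sealDoc(doc, key) {
  const out = {}, secret = {};
  for (const [k, v] of Object.entries(doc)) {
    if (k.startsWith('_') || INDEX_FIELDS.includes(k)) out[k] = v;
    else secret[k] = v;
  }
  const iv = crypto.randomBytes(12); // fresh nonce for every write
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  c.setAAD(aadFor(out));
  const ct = Buffer.concat([c.update(JSON.stringify(secret), 'utf8'), c.final()]);
  out.enc = { iv: iv.toString('base64'), ct: ct.toString('base64'),
              tag: c.getAuthTag().toString('base64') };
  return out;
}

// Throws if the key is wrong or if _id, a view key or the payload was altered.
function openDoc(stored, key) {
  const b64 = (s) => Buffer.from(s, 'base64');
  const d = crypto.createDecipheriv('aes-256-gcm', key, b64(stored.enc.iv));
  d.setAAD(aadFor(stored));
  d.setAuthTag(b64(stored.enc.tag));
  const pt = Buffer.concat([d.update(b64(stored.enc.ct)), d.final()]);
  const doc = Object.assign({}, stored, JSON.parse(pt.toString('utf8')));
  delete doc.enc;
  return doc;
}

// Constructed sample: round-trip one profile with a per-user key.
function demo() {
  const key = crypto.randomBytes(32); // stands in for a key released per user profile
  const stored = sealDoc({ _id: 'profile:alice', type: 'profile',
    created: '2014-03-01', email: 'alice@example.org' }, key);
  return { stored, opened: openDoc(stored, key) };
}
```

The view keys stay readable to everyone with read access to the database, so only values that may be disclosed belong in `INDEX_FIELDS`.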