I don't have any references at hand re Peer to Peer via TCP on browsers. You could check the discuss-webrtc group for mentions.
On the second point, it is easier to explain it in two parts.
When a webrtc client uses a TURN server, regardless of the client protocol, the relay allocation creates a UDP port for the traffic to flow between the TURN client and the remote WebRTC user.
The most common scenario, is where two browsers cannot establish a NAT connection with the assistance STUN and then have to rely on the TURN relay. In this case the ICE negotiation provides the remote browser with the address of the TURN relay port. So instead of trying to contact my router for a NAT connection, it connects to the TURN server and port allocated.
In the case that both browsers can not use STUN and will require TURN, often because they do not have UDP egress, there are relay ports created for each browser and these 2 ports end up connecting to each other, to complete the relay path.
Cheers,
Warren