1. No, there is not currently read permissioning on the MultiChain level. But you can use encryption of the data in the stream to restrict visibility.
2. If you want to communicate between chains you need to build something outside the blockchain which handles this, e.g. listens for transactions on one chain, and reacts by creating transactions on another.
3. The stream data resides in the blockchain, on disk in the blocks subdirectory. If a node is subscribed to a stream, it indexes that stream's contents in many ways, and this index is stored in LevelDB.
4. Any business logic of this type is performed off-chain, inside your application.