No; see https://www.thethingsnetwork.org/docs/applications/mqtt/quick-start.html#credentials (You might be looking at old examples, which refer to the obsolete staging.thethingsnetwork.org.)
The access key you’re using should at least have access to the messages. You could generate an additional key just for your MQTT client.
Indeed, and so it does for me. I’d expect that too. (I have not tested with The user name is the Application ID you’ve chosen yourself and the key starts with mosquitto_sub today.)ttn-account-v2:
mqttc.username_pw_set("loraexplora", "ttn-account-v2.Cz...<redacted>...")
mqttc.connect("eu.thethings.network", 1883, 10)
Maybe update the Python MQTT library: pip install paho-mqtt --upgrade (and add the 4th parameter to on_connect like shown earlier.)