DNSSEC Status...

Heavy Man heavyman66 at yahoo.com
Tue Jun 1 13:55:14 UTC 2010


A few questions about DNSSEC...

I understand the root zones are currently getting signed.  Just for sanity's sake, should I be able to dig +dnssec a.gtld-servers.net and see an RRSIG record (assume I have a valid DNSSEC recursive name server with a valid trust anchor configured)?  Check out the following...

[root at int-dns ~]# dig +dnssec a.gtld-servers.net
; <<>> DiG 9.6.1-P1 <<>> +dnssec a.gtld-servers.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54144
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 8, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; QUESTION SECTION:
;a.gtld-servers.net.            IN      A
;; ANSWER SECTION:
a.gtld-servers.net.     171425  IN      A       192.5.6.30
;; AUTHORITY SECTION:
gtld-servers.net.       171424  IN      NS      d2.nstld.com.
gtld-servers.net.       171424  IN      NS      f2.nstld.com.
gtld-servers.net.       171424  IN      NS      a2.nstld.com.
gtld-servers.net.       171424  IN      NS      g2.nstld.com.
gtld-servers.net.       171424  IN      NS      l2.nstld.com.
gtld-servers.net.       171424  IN      NS      e2.nstld.com.
gtld-servers.net.       171424  IN      NS      c2.nstld.com.
gtld-servers.net.       171424  IN      NS      h2.nstld.com.
;; Query time: 130 msec
;; SERVER: 10.10.10.1#53(10.10.10.1)
;; WHEN: Tue Jun  1 09:46:13 2010
;; MSG SIZE  rcvd: 208


Also, reference the following URL...

https://ns.iana.org/dnssec/root.zone.signed

I assume this data is correct.  Is there a security risk in publishing this data?  I understand DNS is public information, but why wouldn't the root be signed using NSEC3 versus NSEC?

Thanks.
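In the dig output quoted above, the EDNS "do" bit is set (dig asked for DNSSEC data) but no RRSIG comes back and the header flags are "qr rd ra" with no "ad", which is consistent with an unsigned zone or a resolver that is not validating. The following script is an added example, not part of the original post, that pulls exactly those three indicators out of saved dig output; the second sample response (example.test., its TTLs and signature fields) is constructed to show what a validated answer looks like.

```python
import re

# dig output from the post above, trimmed to the lines the check needs
UNSIGNED_RESPONSE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54144
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 8, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; ANSWER SECTION:
a.gtld-servers.net.     171425  IN      A       192.5.6.30
;; AUTHORITY SECTION:
gtld-servers.net.       171424  IN      NS      d2.nstld.com.
"""

# constructed sample of a validated answer from a signed zone: the "ad" flag is
# set by the validating resolver and an RRSIG accompanies the A record
# (name, TTLs, key tag and signature bytes are made up for illustration)
SIGNED_RESPONSE = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 4096
;; ANSWER SECTION:
example.test.           3600    IN      A       192.0.2.1
example.test.           3600    IN      RRSIG   A 8 2 3600 20100701000000 20100601000000 12345 example.test. AAAA==
"""


def dnssec_status(dig_output: str) -> dict:
    """Summarise the DNSSEC-relevant indicators in a dig response."""
    # header flags, e.g. "qr rd ra" or "qr rd ra ad"
    flags = re.search(r"^;; flags: ([^;]*);", dig_output, re.M)
    flag_set = set(flags.group(1).split()) if flags else set()
    # EDNS OPT flags; "do" means the client asked for DNSSEC records
    edns = re.search(r"^; EDNS: .*flags: ([^;]*);", dig_output, re.M)
    edns_flags = set(edns.group(1).split()) if edns else set()
    # count RRSIG records in any section (comment lines start with ';')
    rrsig_count = sum(1 for line in dig_output.splitlines()
                      if not line.startswith(";") and re.search(r"\sIN\s+RRSIG\s", line))
    return {
        "do_bit_sent": "do" in edns_flags,
        "ad_flag": "ad" in flag_set,
        "rrsig_records": rrsig_count,
        "validated": "ad" in flag_set and rrsig_count > 0,
    }
```

The "ad" flag only reflects validation done by the resolver you queried (10.10.10.1 here), so the check answers "did my validating resolver vouch for this?" rather than "is the zone signed?"; RRSIGs without "ad" usually mean a signed zone behind a non-validating resolver.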
