Unfortunately I can't speak from a Linux perspective. But they do use smartcards at my work. For now, I'm pretty happy with it, and it seems to be a valid form of 2 factor auth.
It took me a minute to figure out what they were doing with it. Basically they have an IPKI setup where they can create, distribute, and revoke user certificates. The user certificates are password protected, and that's the password you use to login to your system. Your certificate is tied to your AD account, so when you login with your smart card, you're logging into Windows with your AD account. Happiness.
It does need to stay plugged into the laptop, if it is removed the computer will lock. I don't know how secure this lock process is vs CTRL+ALT+DEL.
The only slowdown in the login process, aside from getting the card in the slot, is sometimes Windows takes a few seconds to read from the card for some reason.
1) very secure 2) yes, it has to stay plugged in (there may be a setting to change that but the military turns it off if it does) 3) faster than typing in a password, about the same a typing in a pin