This isn't always the truth. you can lock out people through simple .htaccess, deny them with a login script of sort. If you really wanted to, and i've never tried this so i cant say for a fact, you could force mydomain.com to link to the myotherdomain.com with a soft link from shell. as i've only done this on my home server, i have no guarantee that it works here.
by default, yes. you can usually call from other folders in your user root through most languages, such as php, or by a simple soft link as mentioned in the last part. but by default, only you can access them unless you specify otherwise.