Is there some mistake in your NoScript item? Installing the plug-in and then using "allow scripts globally" is the equivalent of never installing the plug-in. It provides almost no value at all when run that way.
No. It stills protects against known attacks, like XSS attacks. If you block scripts by default you'll have to configure what scripts to allow every time you visit a new site, or every time the site adds new assets.