by MeNotMe 3984 days ago
Two points:

1. Encrypt all database data, decrypt in application.

2. If you only do perimeter defense, you're doing it wrong.

1 comments

Regarding the first point, how would that help? The password has to be stored in the clear on the server. If an adversary got control of the box, then the adversary would get the password. And secondly, how would you search a database full of encrypted data? Homomorphic encryption isn't ready for prime time as I understand it.

1. It's much easier to compromise a DB into a dump with injection, insufficient access control etc. than dump the db, find out it's encrypted, then hack the app servers and find a key somewhere in the binary.

2. You can use key distribution schemes to the app servers.

3. If you need to 'live' search in personal data, you're doing it wrong. You can move search to a full-text engine for the stuff you really need, which is more difficult to dump and reassemble. E.g. if you search for city, you only have primary keys and cities in one system.

4. You should also not keep profiles, personal data and other data on one server. Compromising one of the access paths will compromise all your data.
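
The layout discussed in this thread, as an added example that is not part of the original comments: records are encrypted in the application before they reach the main database, and city search runs against a separate store holding only primary keys and cities. It assumes the Python `cryptography` package with Fernet as the cipher (a choice not named in the thread); the table names, function names and the inline-generated key standing in for a key distribution scheme are hypothetical.

```python
import json
import sqlite3
from cryptography.fernet import Fernet, InvalidToken

# Assumption: a real deployment hands this key to the app servers through a
# key distribution scheme; it is generated inline so the example runs offline.
KEY = Fernet.generate_key()

def open_stores():
    """Main DB holds only ciphertext; the search store holds only (id, city)."""
    main = sqlite3.connect(":memory:")
    main.execute("CREATE TABLE profiles (id INTEGER PRIMARY KEY, sealed BLOB)")
    search = sqlite3.connect(":memory:")
    search.execute("CREATE TABLE city_index (id INTEGER, city TEXT)")
    return main, search

def add_profile(main, search, key, name, email, city):
    """Encrypt the whole record in the application before it reaches the DB."""
    record = json.dumps({"name": name, "email": email, "city": city}).encode()
    cur = main.execute("INSERT INTO profiles (sealed) VALUES (?)",
                       (Fernet(key).encrypt(record),))
    search.execute("INSERT INTO city_index VALUES (?, ?)", (cur.lastrowid, city))
    return cur.lastrowid

def find_by_city(main, search, key, city):
    """Search runs on the index; decryption happens only in the application."""
    ids = search.execute("SELECT id FROM city_index WHERE city = ?", (city,))
    results = []
    for (pk,) in ids.fetchall():
        (sealed,) = main.execute("SELECT sealed FROM profiles WHERE id = ?",
                                 (pk,)).fetchone()
        results.append({"id": pk, **json.loads(Fernet(key).decrypt(sealed))})
    return results

def dump_main(main):
    """What a dump of the main DB alone yields: ids and opaque tokens."""
    return main.execute("SELECT id, sealed FROM profiles").fetchall()

if __name__ == "__main__":
    main_db, search_db = open_stores()
    # Constructed sample records.
    add_profile(main_db, search_db, KEY, "Alice Example", "alice@example.org", "Utrecht")
    add_profile(main_db, search_db, KEY, "Bob Example", "bob@example.org", "Lyon")
    print(dump_main(main_db)[0][1][:24], "...")
    print(find_by_city(main_db, search_db, KEY, "Utrecht"))
    try:
        find_by_city(main_db, search_db, Fernet.generate_key(), "Lyon")
    except InvalidToken:
        print("wrong key: record stays sealed")
```

A dump of either store alone gives ciphertext or bare id/city pairs; reassembling a profile needs both stores and the key held by the application.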