Hi!
Basically, you need direct traffic to your kubernetes cluster. How you do it, it really depends on your setup. But is not a bad idea to have the F5 have the Publix IPs and it direct traffic (to pods or to ingress controller, as you prefer).
If you want F5 directly routing to pods, you will need your services to use type node Port. And then, the F5 know on which port route to every app.
If you want F5 routing to your ingress, then your ingress service has a type nodePort, F5 routes to it and the ingress routes to pods.
To be more precise, the ingress will route to a service (that probably is type cluster IP), then the ingress routes traffic to that IP and kube-proxy does the load balancing. So, answering your question, nginx ingress is not acting so much as a load balancer, but it does that job in conjunction with kube-proxy.
It is safe to leave the ingress to the public, as long as you limit the ports available and you can actually do it (i.e. route traffic to it). That part is not trivial and F5, MetalLB, or something else might come handy. I can later search for a nice link explaining this problem if you want, just let me know.
Regarding your second question, yes, your nginx ingress can have multiple replicas as any deployment. If traffic is routed correctly and handles failures fine, you can just route to several replicas in an HA setup.
And regarding your third question, I think it is it depends. But it is not a band idea at all to do it 
Hope it helps,
Rodrigo