Sorry it took me awhile to respond. I did not see that this was posted. I'll try to address each of your issues here...
1. Instead of a command line, you can use standard SSH style urls to do this. You can specify username, password, hostname, port, and protocol this way.
ssh://username:
password@hostname:port
SSH1 specific
ssh1://username:
password@hostname:port
SSH2 specific
ssh2://username:
password@hostname:port
2. The settings are not random, but perhaps the result of prior runs. In the cases where absolute is run via a url, a 'hidden' connection file is created to store any configuration settings that are made that are not available on the command line. Each time you run with the same URL, you may pick up the colors/fonts used from the last time you used that URL. These hidden connection files are stored in %USERPROFILE%/AppData/AbsoluteTelnet. Delete all of these files to start over with a blank slate.
The 'first' time a particular server is opened, one of these hidden connection files will be created. The settings (fonts, colors, etc) will be set to the global defaults. If you wish to change the global defaults, you can edit them on the options->Properties->Global page (save/edit/clear defaults). Any global defaults in place at the time you open a given url will become the defaults for that url.
Also, in this case, you may reconsider your decision to use the 'classic' or 'tabbed' user interface (install time option). CLassic would probably be better, as each window could be opened with default paramters (80x24 screen, etc). It gets a little wonky when you try to open addition tabs with specific screen geometry in a window already open at a certain size. In classic (single connection) mode, the window will open at the appropriate size. In the tabbed interface, fonts will often have to be scaled to get to the proper width/height given the current window size.
3. Yes. Keyboard-interactive is exactly that. Interactive. Prompts are dependent on the underlying authentication mechnism and may not always be simply a password. SecurID and other one-time password mechanisms are done this way. I could try waiting for 'Password' as a prompt, and then send the password from the URL, but in a broader scope, I have to consider that the prompts may not even be in English, so this will not always work.
I am willing to work with you here on a solution. You're not the first one to have issues such as this, which is why the whole URL-launching came to existance in the first place. Sounds like it could be tweaked for your environment, though.
Brian