You need to think of connecting to a VPN like walking over to a physical network and plugging your computer into a switch there. So:
1. If you use HTTP, everything is sent in plain text. The VPN server can read everything. If you use HTTPS, only the domain of the server will be known by the VPN server. The first step in a HTTPS session is to establish an SSL connection, everything is encrypted from there.
2. If you have open ports on your computer (sharing files, music, etc.) this will be visible to the VPN server. Other than this, nothing is revealed. Again, it's as if you were connected to a physical network. The VPN server doesn't gain any other special privileges.
There is one exception to this, what VPN software are you using? Do you verify the source? If you received the VPN software from a questionable source, it could contain a trojan which allows outside attackers access to your computer.
Have you considered Tor or Freenode? These can run by themselves, or in addition to a VPN to give you privacy when visiting standard HTTP websites.