Windows 7 - Keeping Guest Infections from Host via SUBST & ICACLS on Shares

I have many uses for a VM, including the taking of risks I avoid on the Host.

I am looking at both VMWare 3.1.4 build-385536 and VirtualBox 4.1.2.r73507

QUESTION 1
Is there any difference in security risks and capability between the use of a conventional shared folder at
G:\2_Way\
or
X:\
where X:\ is the result of the CMD.EXE command
When running a risk (intentional or otherwise) the host should be protected from malware if I REMEMBER to change the 2_Way folder name to something else BEFORE launching the VM
I prefer to avoid depending on my memory, therefore it will be easier to take no action UNLESS I require 2 way access, in which case a desktop shortcut will run the SUBST command to give access via X:\

QUESTION 2
How can I mitigate the risk if something bad gets in G:\2_Way\ ?
Should I use ICACLS or similar on the 2_WAY folder to prohibit execution ?
I did a few simple things by trial and error with CACLS under XP.

I am new to Windows 7 and ICACLS seems to have more bells and whistles.
I would appreciate being given the CMD.EXE command string for the Host to restrict the contents of
G:\2_Way\

QUESTION 3.
Should I similarly supplement host protection if the Guest is given Read Access to
G:\Read_Only ?
There was a time when I thought files were either write protected or not,
but now there are so many flavours of protection I am bewildered.
e.g. ICACLS lists under "perm"
What sort of Read-Only restriction does the VBOX apply, "R" or "RX"
and does "R" mean that malware can be read and copied but not executed ?

Regards
Alan