Well if the page will have only a little php then it has to be ".php" but I would say use.php for all the pages instead of having some html and php ones. If they are all the same it would look better then all different and maybe easier for you to organise them.
I don't think the type of file matters where you come in search engine rankings.
Can they upload php script in , say a .jpg file and then run it.
Or more realistically, in a .htm file and then run it (coz the server is set to parse htm files for php) ?
With the code snippet that I posted, the "AddType" line sets the server to interpret all of the given file-types as php. So, in the example, .php, .htm, and .html files would all be run through php before getting sent to the user.
So, to answer your question, yes and no. If a user uploads a .jpg file, it will still load up like a normal picture.
If a user uploads a .htm/.html file, I think the server would execute the script as normal. So, you would need to restrict any upload-access to not include those three file extensions (if you're worried about the security problems).
There are two solutions that I see. One, you could just bar all of those file types. If a user wants to share a .htm/.html file with other users, he/she will have to compress the file to a .zip or .rar format to upload it.
Or, if you want to allow users to post viewable html, you can set the server to interpret one extension as html and one extension as php. For example, tell the server that .html should be run by php, but .htm should not. Then, users would be able to upload .htm files only.
Also, if you parse all .html through php it may be slower, though I'm sure it is insignificant, it may be a factor. Only see it as an issue if you are already worried about people uploading .html files, in which case you could just have security in the upload to prevent this.