Can the __VIEWSTATE and __EVENTVALIDATION be used for research in order to breach a web app?

I'm learning ASP.NET now and I am a bit confused by the __VIEWSTATE and __EVENTVALIDATION.

  1. Would it be possible to read the value of those two items to learn about the internals of the app and possibly manipulate it? For example, people write that the __VIEWSTATE contains information about the properties of elements that are not sent back through the POSTBACK, like a label. Wouldn't it be possible then to manipulate the value of labels in an app to make it display wrong information?

  2. Would it be possible to change the value of __VIEWSTATE to a much larger value so that when it is posted back to the server it adds serious overhead to decompressing and/or decrypting the information, thus basically making a DDoS?

5
asked 9 March 2011 at 08:28
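The two concerns raised in the question (editing the stored state, and posting back an oversized blob) are exactly what a MAC over the state and a size check before any decoding address. The following Python model is an added example, not ASP.NET's own ViewState serializer or code; the field format, key, size limit and state dictionary are constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

# Constructed server-side secret standing in for a machine key; not a real key.
SERVER_KEY = b"constructed-demo-key-not-for-real-use"
MAX_STATE_BYTES = 4096  # size limit enforced before any decode/verify work
MAC_LEN = hashlib.sha256().digest_size


def protect(state: dict) -> str:
    """Serialize page state and append an HMAC, then base64 it for a hidden field."""
    payload = json.dumps(state, sort_keys=True).encode()
    mac = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    return base64.b64encode(payload + mac).decode()


def unprotect(field: str) -> dict:
    """Refuse oversized or modified fields before trusting anything inside them."""
    # Cheap length check first, so a huge field costs no decoding or MAC work.
    if len(field) > MAX_STATE_BYTES:
        raise ValueError("state field exceeds size limit")
    raw = base64.b64decode(field, validate=True)
    payload, mac = raw[:-MAC_LEN], raw[-MAC_LEN:]
    expected = hmac.new(SERVER_KEY, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        raise ValueError("state MAC mismatch: field was modified")
    return json.loads(payload)


def postback_outcome(field: str) -> str:
    """What the server does with a posted-back field: accept the label text or reject."""
    try:
        state = unprotect(field)
    except ValueError as err:
        return "rejected: " + str(err).split(":")[0]
    return "accepted: " + state["Label1.Text"]


def modified_copy(field: str, old: str, new: str) -> str:
    """Constructed client-side edit of the decoded bytes, re-encoded without the key."""
    raw = base64.b64decode(field)
    return base64.b64encode(raw.replace(old.encode(), new.encode())).decode()
```

Without the MAC the edited label text would be accepted as-is; with it, the edit is rejected before the state is deserialized, and the oversized field is rejected before the server spends any decode effort on it.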