How is state managed in complex "API Driven" applications to avoid having dozens of repeated queries on each request - all state is managed by the data held in the URI. Repeat queries are common with REST
I think the problem you are facing is that you are trying to shoe horn none REST thinking into your design.
The fact of the matter is that EVERY request must contain all the information you need to complete that request - there is no way around this if you want to be 'RESTful'
I can see where your concern lies, as you are having to call the same queries over and over again. But if that is the case, you should design these common queries to be as fast as possible.
Good database/API design will help in the first instance, but I will assume you have done that already.
One thing you may have overlooked is query caching on your database. Your API is RESTful, and you can scale the api as much as you like, but your database server isn't likely to need scaling (unless you have a MASSIVE api, thats very database heavy). So for your common queries, you can actually implement query caching on your database server.
This means, that although you are running a lot of the same queries over and over again, they are just coming out of the database cache.
A simple example from a REST API i am developing is the users credentials. EVERY single request to the API must have the user credentials sent with it. This means that queries to the users table gets executed for every single request BUT I have setup caching on my database, so the users details are returned from there lightening fast.
Your second point relates to data validation. You should of course validate ALL user submitted data - no exceptions.