I'm assuming the mailme form is a big script. And by installing they probably mean copying module code to the server(just uploading it)... If they dont' specify how/why then e-mail the admin.
It's best to use the same extension over all your files whether they're PHP/HTML/both. Just because it gives a user too much insight into your site's code/setup. Basically, it tells a hacker/possible attacker that "this page uses PHP, whilst this one doesnt" so they'll try to attack the PHP sides. Some mask their PHP files with a HTML extension, using .htaccess(server setup).
And as for the save/open/cancel, i'm assuming the reason it's doing that is either a dodgey extension(what are the file extensions?) or the server not being involved in parsing the PHP (change the URL from file:// whatever, to
http://testingserver/whatever)... Basically because if it uses the file:// protocol if an extension is unrecognised it won't serve it will try to download.
Cheers,
Jamey