Is that the right way to do this? Or am I violating the integrity of my system somehow?
Yes, that is the correct way to do this. The only issue might be that you installed a package which is unsigned. But since you know what you did, this should not be a problem.
Do I have to do the dpkg thing after installing the older version to get it set up right? What about dependencies? What would happen if I just did the dpkg install and not the apt-get first?
Use dpkg to install packages which are not in a repository, but are available to you as a file. If the package lives in a repository, I would recommend to add the repository and use apt-get or aptitude.
dpkg does not handle dependencies. If you would have installed via dpkg first and not with apt-get there should be no difference.
Do debs have to be made for Ubuntu or will versions aimed at Debian do?
That depends :) It is usually safer to use a deb made for your particular ubuntu version. But if there are not so many dependencies, a version made for Debian may run as well. If unshure, just try it out ;)
For that matter, what about rpms or compile-from-source?
rpms are a different package format, used mainly by fedora, opensuse and their enterprise distros. Usually they are no good on debian based systems. compile-from-source should be your last resort if you really need a piece of software and can't get a packaged version.
Again, it depends, it could be rather simple, but it can be a pain in the but, depending mostly on the dependencies. Also, managing your installed software is easier if you use packaged software (of course - when building form source, you could walk the extra mile and build a package, nothing is impossible, but its more work).