"core project" is a nebulous term. Stuff is in that repo when it doesn't make sense to break it off as a crate; and a lot of our code is broken off as a crate. But yes, the servo team rarely hacks directly on the C++ components. (we hack very often on Rust out of tree things though)
The C++ code is in servo/mozjs and servo/skia (though that dependency doesn't get used on a default run now IIRC), as well as some other scattered deps and native linkages (fontconfig, harfbuzz, openssl, etc)
We've split the code up in crates so servo/servo is only a fraction of the story. Things in servo/servo are usually components which don't make much sense as something you'd independently use, and are very servo-specific and/or tightly coupled. But a lot of our Rust code is outside the tree, and any C++ modules we use are too.
Also, he vast majority of code in servo/servo is actually HTML/JS test code, vendored in tree from w3c/web-platform-tests.
I built Servo last week, I ran "git fetch upstream && git reset --hard upstream/master && git submodule update" and then "tokei .". So, unless Servo puts its cache in the dir, I would guess not, no.
I think by default servo does put the cache in the dir. So yeah, this would be an accurate estimate.
Though not all that rust code is written specifically for servo, and a lot of that C/++ code is winapi and skia. winapi is autogenerated, and skia isn't used by default anymore iirc.
Not in the core project: https://github.com/servo/servo