More or less. Quantum states can only be measured probabilistically. This, combined with the fact that they cannot be cloned, is what makes the eavesdropper detectable if he/she tries to intercept the quantum states in between the sender and receiver. i.e. The sender knows what she sent, but if the eavesdropper measures those states and tries to imperfectly clone them she will send states to the receiver that will produce impossible results when measured by the receiver.
In a true MITM attack the eavesdropper could claim to be the receiver to the sender and the sender to the receiver and exchange keys with them both. This is why authentication must be a part of QKD protocols.
Once you have a secure key, using it as a one-time-pad is the most secure way to send data. (Note: We're skipping a few steps like error correction and privacy amplification)
In a true MITM attack the eavesdropper could claim to be the receiver to the sender and the sender to the receiver and exchange keys with them both. This is why authentication must be a part of QKD protocols.
Once you have a secure key, using it as a one-time-pad is the most secure way to send data. (Note: We're skipping a few steps like error correction and privacy amplification)