Mu understanding is that using the RB750 as a router, the LAN is either switched together on 2-5 or individually routed (through the WAN) on ports 2-5.
Can I group 3 of the ports as a switched-LAN (set one of them as 'master' port) routed through the WAN interface, and 1 port to also be on the WAN side? Maybe this could be accomplished by creating a bridge interface, adding the WAN and LAN 1 to the bridge, then setting ports 2-5 to use the bridge interface as gateway?

On a SOHO-type router, I would expose the SERVER expose as a DMZ-host, but I am wondering if the RB750 allows me to place this logically outside the LAN in the 10.0.0.0 block?

Yes, you can put any of the ports 2-5 into the switch, and leave out whatever ones you want.

You can make a bridge of ANY ports 1-5, and leave out whatever ones you want, and make multiple bridges.

You an route between any ports or switch or bridges.

This isn't working as I had expected.
Created bridge 1
Added ether-1-gateway (IP 10.0.0.2) and ether-5 to bridge.
ether-1 wired to 10.0.0.0/24 network with 10.0.0.1 as upstream internet gateway.
ether-5 wired to host with IP 10.0.0.5
bridge-1 assigned the IP 10.0.0.4
[ ports ether2-4 switched with ether2 as master, nat'd at 10.0.1.0/24 and serving DHCP. ]

From the 10.0.0.0 network, I could ping the bridge-1 IP 10.0.0.4 but could NOT reach the host connected to ether-5 at 10.0.0.5.
If I add a static route to 10.0.0.5 via interface bridge-1, then I'm able to reach 10.0.0.5.
Why is the static route needed in this case? Shouldn't the bridge allow traffic to 10.0.0.2 (ether-1), 10.0.0.4 (bridge-1) and 10.0.0.5 (host via ether-5) without routing?

This isn't working as I had expected.
Created bridge 1
Added ether-1-gateway (IP 10.0.0.2) and ether-5 to bridge.
ether-1 wired to 10.0.0.0/24 network with 10.0.0.1 as upstream internet gateway.
ether-5 wired to host with IP 10.0.0.5
bridge-1 assigned the IP 10.0.0.4
[ ports ether2-4 switched with ether2 as master, nat'd at 10.0.1.0/24 and serving DHCP. ]

From the 10.0.0.0 network, I could ping the bridge-1 IP 10.0.0.4 but could NOT reach the host connected to ether-5 at 10.0.0.5.
If I add a static route to 10.0.0.5 via interface bridge-1, then I'm able to reach 10.0.0.5.
Why is the static route needed in this case? Shouldn't the bridge allow traffic to 10.0.0.2 (ether-1), 10.0.0.4 (bridge-1) and 10.0.0.5 (host via ether-5) without routing?

You cannot put IP addresses on any ports that are in a bridge (well, you CAN, but it won't work). The bridge itself gets the IP addresses, not the individual ports.

When you do add IP address(s) to the bridge, make sure you put /24 after every address so that the subnet mask gets calculated correctly.

Once this is done, it will act just like a network switch, no routing required.