I have found this question to be trickier than expected, so I wanted to put together my favorites links.
Let's start with oficial published information:
Other scenarios as security trimming (search related) are not been considered.
Although those articles seem a good starting point, there may be ambiguous general guidance when a customer tries to implement it. Overall I will simplify with: use Active Directory Groups, take into account boundaries, do not target max limits and understand manageability vs business requirements.
These articles from Joel Oleson and Eli Robillard are great summaries .
Finally, it is very important to be able to manage this security configuration efficiently, and here the main recommendation is to complement SharePoint with third parties or published tools as: