Hello, I have a a site collection where the user can create customized subsites.  The site collection has a group called "Clerks" which can have contribute access to all subsites. Whenever a subsite is made this group is given permission to access that new subsite.

Each subsite comes with 1 new Sharepoint Group for External Users. This group has Read permissions except for one list which they have Contribute permission. 

I've read the Sharepoint Online Limits and have some assumptions, and I'm hoping to have them clarified.

1) In the ff link: https://docs.microsoft.com/en-us/sharepoint/install/software-boundaries-and-limits (limits for SP 2013), it says going past the limits will affect performance. I'm assuming they work the same way as SP 2013. But is it actually a HARD limit, where you can't go any further than the limits listed down (the page for SPO doesn't touch on it https://docs.microsoft.com/en-us/office365/servicedescriptions/sharepoint-online-service-description...)

2) "Clerks" which exists in the site collection level, only count as 1 SP Group towards the recommended limit, even if granted contribute access to multiple subsites. 

3) Since 1 new Sharepoint Group is made to house external users per subsite, and the subsite limit per site collection is 2,000, I don't have to worry about this. But since there are only a few expected External Users, would it be better to just add them as individual users instead of keeping them in a group? Having them in a group makes it easier to manage but I'm wondering if there's some sort of hidden payoff.

4) I have 1 list with a unique security scope that grants the Contribute permission instead of the Read permission that comes with the External Group. This won't be an issue since the 5000 unique security scopes threshold is per list or library.

Hoping someone can help me out and correct me if I've got some of these wrong. 

Thanks.