Additional comments about Security...
You can have several document libraries in one site, that is also a way to separate security/permissions. There is a commercial third party tool available for SharePoint that allows you to set permissions by the use of metadata. So, if you're interested in
that, you can investigate further.
Try and keep the folder hierarchy as flat and minimal as you can, but don't limit yourself to metadata views exclusively. Mix the opportunities for the best results! If you choose to depend on metadata only,
you should separate sets of documents by putting them in its own websites and set the permissions on this level. If you need a more granular rights management, folders/libraries are the easier way to do it.
This article is also available in other languages: