Mapping: should this be ROOT TO ROOT? or ROOT TO NOBODY (the default, 3rd down, option)?
Largely irrelvant - at least for home directories. This option only affects what happens when a root user tries to mount the shared directory - 'root to root' means that the root user gets root-level access to the filesystem. 'root to nobody' means that the root user is mapped to 'nobody', an unprivileged account. In some ways, 'root to nobody' makes more sense, although then all root-privileged changes to the directory have to be made on the server itself, rather than over the network.
Minimum security....Standard or should I turn on Kerberos and select one of these options?
If you're running a kerberized environment (including Open Directory with mapped clients) then Kerberos would be preferred.