Really, really great questions. I will handle the Broadcom 50 client limitation.
While it is true that we use the Broadcom chip, this limitation is centered around the encryption functions of the chip. In our designs, we would recommend that the AP run in "tunneled" mode meaning that the encryption from the client is handled by the controller. Because of this advantage, we do NOT run into the 50 client limitation as that function is handled by our controllers.
In addition, we can overcome the 50 client limit in our Instant version or running in "decrypt-tunnel" mode where the AP performs the encryption functions to/from the client. In this scenario, we can offload this to another chip on the 220 APs.
Hope this helps!