In general we will see some delay if we assign the receipients to the security group, as we will have more number of receipients then the dealy is worth noting.. I guess, the server will check are there any read/write options that need to be override as compared to the individuals..
I suggest to have a security group to be added rather than individual to be added. And its the best practice as you can have similar rights for the group of users
Lets say, you have 10 people assigned to one group, but if you want to restrict the access (lets say qvw download permissions or anything else) to one individual, then you can add the user again with the restricted access. I believe this user permissions will be override than the group permissions.