VLANs with NAT and secure, scalable network design

In a normal nat device the layer 2 header gets stripped off when the packets enter the nat inside interface and a new layer3 header gets added for communication between the outside nat interface and the opposite device.

But what happens exactly when you enable NAT and ingress VLAN ID on the SMs and enable VLANs on the AP?

I cannot imagine that this would work, anyone tried this before?

Another question, if I deploy some SMs in the same VLAN it would be very easy for an attacker to spoof DHCP responses or ARP replies as all the SMs in the same vlan would receive the broadcast traffic. If I use vlans the maximum number of isolated customers would be around 4000, and even less considering that a customer wants more than 1 vlan maybe one for voice and one for data… etc…

If someone has already deployed a secure, scalable network with SM I would appreciate if he could share his experiences.