I don't believe there is any technical limit, but in my experience if you are looking at using a large number of security tags, you might want to rethink the permission structure.

If you have 5 security tags on an entry, users will need all 5 tags to access that document; in that case you'd usually be better off having 1 tag and 5 groups with access to that tag.

Tags are useful, and I can't say for sure that it is the wrong approach for your situation, but I can say from experience that tags can be a lot more difficult to manage.

One repository I inherited when I first joined my current organization leaned very heavily on tags for access control, and it was exceedingly difficult to maintain/troubleshoot.