[Samba] Wide links and insecure wide links

[Stilez]

I'd like to understand reasonably fully,, the difference between the two 
options "wide links" and "allow insecure wide links" in smb.conf. The docs 
make them sound very similar but as there are obvious security implications 
for anything to do with symlink scope, it's important to know what each of 
them allows/blocks and where they differ.

Interestingly, only the second of them is tagged as explicitly being a
significant security hole to leave open, so presumably there's quite a
difference.

Assuming that "follow symlinks" is at its default "yes", what is the
practical and security difference/implication between enabling these two 
params?

(NB - if someone wants to update the docs for "wide links", it might be
worthwhile to add more there.)

Thanks,
Stilez