How can we measure/confirm that a shard has "enough" nodes to maintain a healthy level of security?

The more nodes that have been in a shard, the more secure a shard history is due to the number of redundant copies of the shard information being maintained. 

It is also possible for nodes to leave a shard, come back later and re-affirm history. This makes any attack vector not just all the nodes in a shard now, but all the nodes that have ever witnessed the event you are trying to change.

There is also a high degree of incentive for nodes to maintain under-served shards as the more shards low node count shards they maintain (serve) the higher the probability of getting fees.

For shard selection incentives, see: https://papers.radixdlt.com/incentives/#shards