There are few things more important than troubleshooting a permissions issue only to find that a nested global security group is the culprit. The nesting of global security groups can cause so many issues, especially when any deny permissions come into play. Take into account any group policy-based deny permissions, and the tracing effort can be quite cumbersome.
For Active Directory domains, do you allow nested global security groups? The troubleshooting aspect of group membership is made complicated at first glance in most tools. Many tools will report effective rights, but not necessarily that they are there because of a nested group, much less a group membership at all.
I would love to say that nesting group membership is prohibited, but there are occasional situations where it makes sense.