I quote @erasmospunk :
Number of signers: 3-of-5 multisig is a good balance between security, redundancy and the technical capability of the current network.
There is a 500 byte limit on the transaction spending script. A rule of thumb for m-of-n multisig is 6 + m73 + n34 bytes for n < 8, and 8 + m73 + n34 bytes otherwise. I assume compressed pub keys and signatures of 72 bytes (they could also be 71 bytes). This makes the 4-of-6 multisig unusable at 502 bytes but brute forcing 2 signatures to be 71 bytes will just make it at 500 byte input script.