Putting a lower bound on the number of nodes needed for bootstrapping still doesn't prevent you from forming multiple clusters, because as you rightly point out you might end up with more nodes than you asked for. We're not really interested in probabilities here, because there's a lot of Elasticsearch instances out there and eventually one of them is going to hit every corner case there is.
There could well be data to lose. You might not be able to tell you've formed more than one cluster until you've started indexing into them all, at which point you can't in general merge the data back together again.