Thanks for your question. Let me address the first part.
Once you set `memberOnlyRead: false`, you can invoke a function that can read data from member orgs. For example, user of Org2 can now invoke a function with Org1 peer as endorser. In this case user of Org2 can read the data.
I'm documenting the behaviour of setting these two options (memberOnlyRead and memberOnlyWrite) and show how they impact the accessing of private data.
Am thinking a setup for your second question.