The controller account is a semi-online key that is under the direct control of a user and can be used to start or stop nominating for one or several validators. Controller keys should hold some KSM to pay for fees, but they should not be used to hold huge amounts or life savings. Since they will be exposed to the Internet with relative frequency, they should be treated carefully and occasionally replaced with new ones.
The stash account is a key that will, in most cases, be a cold wallet, kept on a piece of paper in a safe or on a hardware wallet. It should rarely, if ever, be exposed to the Internet. The stash key is intended to hold a large amount of funds. It should be thought of as a savings account at a bank, which ideally is only ever touched in urgent conditions.
Since the stash key is kept offline, it must be set to have its funds bonded to a particular controller, which will never be able to actually move or claim the funds in the stash key [source