Two security concepts come to mind: defense in depth and assume breach. A hacked device on your LAN doesn't have to equal complete compromise of your network. Giving up at the perimeter is one option, sure. Another is to design a network to be as resilient as possible to attack and compromise by layering defensive controls and assuming some can be bypassed. Then develop detective/preventative controls to respond when they are.
Edit: specifically, encrypting HTTP traffic will help reduce the risk of the threat actor acquiring new credentials (since we don't reuse those) and using them to pivot to other resources.