Segregation of security from the citrix environment is the important part. Your citrix web interface servers tend to have more access into your production environment than would be best to allow someone to hit without it being authenticated first.
Lots of other reasons too... For example offloading the web interface to the browser (Lower footprint in your data centre). The BigIP just talks to the XMLBrokers directly... No WI required...
BigIP also does multiple authentications, lets you segregate by platform, verify client installations (Anti-Virus, Firewalls, Patch Levels etc).
H