Depends on what you mean by segregation...
The control side (usually referred to as the host in BigIP) has access to the TMM (forwarding part), in that you can access the TMM interfaces etc from the host itself (e.g. For monitors which run on the host side).
However the TMM forwarding doesn't have access to the host... So forwarded traffic can't use the management interfaces for example.
This means that your management side (host) can monitor and access your poolmembers, perform diags etc, but your user traffic can't hop over to your (more secure... ) management side.
H