ASAs are often used at the perimeter of small satellite networks using a local ISP's internet access, and then connecting back to HQ with IPSEC tunnels. I would guess that it is not uncommon, though bad practice, to centrally monitor SNMP on the external interface instead of over the IPSEC tunnel (which can be a little tricky to do).
Yeah, it's true I guess, and if you're using a random community string and this is NSA, I think we can all safely assume NSA knows every community string spoken anywhere on the public Internet.