Is this risk analysis real? I don't believe in companies that think this is a risk at all if their box is implemented properly. If it's even possible to compromise then you have bigger problems (like your intranet not being properly secured, or the MitM setup not being sandboxed properly, or .....)