I think you're looking too much into it. This is not offered as a permanent solution nor is it used as it.
Fact is that for isolated systems the company does not allow any network connectivity going out of that tier. The network team will not allow that communication on the firewalls because that is permanent.
Doing this with SSH only exposes the traffic tunneled for the time you're using it. The tunnel is gone when you log out and so will the NFS mount.
SSH is not being used for security, although it doesn't hurt either. Everything else you say unrelated to what I described.
I think you're looking too
I think you're looking too much into it. This is not offered as a permanent solution nor is it used as it.
Fact is that for isolated systems the company does not allow any network connectivity going out of that tier. The network team will not allow that communication on the firewalls because that is permanent.
Doing this with SSH only exposes the traffic tunneled for the time you're using it. The tunnel is gone when you log out and so will the NFS mount.
SSH is not being used for security, although it doesn't hurt either. Everything else you say unrelated to what I described.