If you have physical access to the network you can simply spoof the proxy (or a target on the network). This would be especially easy to do since that proxy is being used to encrypt traffic for the network and would therefore be sending plain text over the network.
I have no idea what you're trying to argue because on one hand you want everything encrypted but on the other hand you have no problem with everything being plain text over the DMZ. I also just noticed you said "Using a DMZ is secure, since the unencrypted network is not publicly visible." which is scary.
I'm not about to waste the time pricing out anything because I simply know that 3 servers cost more than 1. You could, as you said, buy a card which will encrypt the data for you; however, if you're building a server farm, one of those is going to add on about 1/3 of the cost of each server (based on the last time I saw the price of one, which was probably 5 years ago). Can you even do HTTPS over an RSA card? Because the whole point here is to make traffic for public websites (and other services) encrypted.
I never said that there's no value in an IT department that loses money; I said that there's no value in an IT department if it's losing money for the company. That's why companies create budgets for departments: they know that having this department can increase their sales X dollars, so the company will be willing to spend X - Y dollars on it.
Finally regarding context, there are much more efficient ways of removing context than trying to encrypt everything. Just because all you have is a hammer doesn't mean everything is a nail.