Is it a correct assumption that someone accessing the webConfigurator via http assumes that their internal network is secure?
Also, if you choose to enable the SSH server for internal network use only, is it best practice to move it to a non-standard port?
Passwords should never travel over unencrypted http.. That said, assuming no one else is listening on the local network, it might be 'acceptable'..
As for SSH once you get someone on the network that wants to hack your router, the ssh port will be found pretty fast no matter what port its running on assuming firewallrules allow access. Little use for moving it imho.
If SSH was only available on a management interface (isolated with rules) could it be exploited either externally or from within one's network?
What would the advantage of enabling SSH for internal management of pfSense if the web configurator is primarily used?
SSH is useful for troubleshooting, transferring files, and restarting the webgui if for some reason it stops responding.
You can block both (webgui/ssh) to only be accessible from a management network, that would prevent all possible exploits in those services as to exploit either someone would need to be able to send it at least some 'malicious' packet..