I'll try and roll some feedback up in a way that will contribute to both questions in this thread.
I'll not get into the "what is secure?" question, as this really depends on organizational/business policy at the end of the day. There are a couple of general configuration ideas that will hopefully help.
First, a couple of points to address:
1) Does BigIP always route between multiple VLANs? No - this is a common misunderstanding. You can bind your configuration objects to specific VLANs to allow specific traffic flows.
2) Do I need to have a default route on the BigIP? No. BigIP has a feature called auto-lasthop that maps a request back out the same path as it came in. This can be extremely useful for scenarios like this.
3) Can I have multiple routes on the BigIP? Yes, using gateway pools.
These three ideas combined can create some pretty flexible and powerful architectures, and it's an extremely useful design pattern to get familiar with.
Here's a hypothetical example that will hopefully help clarify a potential use:
-- You have 2 different segments for your virtual servers, on different IP blocks. We'll call these virtual servers VS_A and VS_B.
-- You've got 2 different VLANs with servers in them. You don't want servers in VLAN A to talk to VLAN B, and you want these servers to go out different gateways (assuming you want to grant them outbound access).
Here's One Way to Do It (assuming your VLANs are all set up, etc.):
Inbound traffic:
-- Create your server pools for VLAN A and B.
-- Create your virtual servers on their respective networks and bind them to specific VLANs: VS_A binds to VLAN A, and VS_B binds to VLAN B.
-- The VLAN bindings prevent hopping VLANs through the box, and auto-lasthop will ensure that response traffic goes back out the same path it came in on.
Outbound traffic (originating from the servers):
-- Create two pools: one with VLAN A's gateway address, and one with VLAN B's gateway address.
-- Create two "wildcard forwarding" virtual servers. Bind one 0.0.0.0 virtual server to VLAN A and gateway pool A, the other 0.0.0.0 to VLAN B and gateway pool B.
The nice bit here is that the gateways for VLAN A and B could be an upstream firewall with access policies, etc. - whatever fits your environment.
So now you've got your major traffic flows covered and their paths enforced. Very handy!
Hope it helps.
-Matt
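
An added example, not part of the post above: a small Python check that reads a configuration export and reports virtual servers that are not pinned to an explicit VLAN list, which is the binding the post's design relies on to keep VLAN A and VLAN B apart. The sample is constructed in the style of a bigip.conf export; the object names and addresses are made up, and the check assumes that a virtual server without `vlans-enabled` and a VLAN list accepts traffic from VLANs other than the intended one.

```python
import re

# Constructed sample in the style of a bigip.conf export; every name and address is made up.
SAMPLE_CONF = """\
ltm virtual /Common/vs_a {
    destination /Common/192.0.2.10:80
    pool /Common/pool_a
    vlans {
        /Common/vlan_a
    }
    vlans-enabled
}
ltm virtual /Common/fwd_out_a {
    destination /Common/0.0.0.0:0
    pool /Common/gw_pool_a
    vlans {
        /Common/vlan_a
    }
    vlans-enabled
}
ltm virtual /Common/fwd_out_b {
    destination /Common/0.0.0.0:0
    pool /Common/gw_pool_b
}
"""

def virtual_stanzas(conf):
    """Yield (name, body) for each 'ltm virtual' stanza, matching braces by depth."""
    for m in re.finditer(r"^ltm virtual (\S+) \{", conf, re.M):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]

def audit(conf):
    """Return {virtual name: finding} for virtuals not pinned to an explicit VLAN list."""
    # Assumption: only 'vlans-enabled' together with a non-empty 'vlans { }' list pins a virtual.
    findings = {}
    for name, body in virtual_stanzas(conf):
        vlans = re.search(r"^\s*vlans \{([^}]*)\}", body, re.M)
        listed = vlans.group(1).split() if vlans else []
        pinned = bool(listed) and re.search(r"^\s*vlans-enabled\s*$", body, re.M)
        if not pinned:
            wildcard = re.search(r"^\s*destination \S*/0\.0\.0\.0:", body, re.M)
            kind = "wildcard virtual" if wildcard else "virtual"
            findings[name] = f"{kind} not pinned to an explicit VLAN list"
    return findings
```

On the sample, only `fwd_out_b` is reported: it is a 0.0.0.0 forwarding virtual with a gateway pool but no VLAN binding, so servers outside VLAN B could use gateway pool B through it.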