A great question that also comes up with my clients quite often.
My answer is that unless you have specific regulatory or design requirements, always decrypt in BigIP (or even before traffic arrives in BigIP).
As for now, you may be able to route non-decrypted traffic directly to your end-servers (and gain in F5 performance by doing so). However, unless your end-servers are bare metal with SSL ASICs, or VMs that offload SSL transactions to external HSM, you will certainly lose in overall performance. The majority of the world uses virtualization, and as you know, virtualized hosts are a complete garbage when it comes to cost-effective SSL-handling.
But what if your F5s are also virtual? That would reduce the significance of overall-performance aspect. VE BigIP does have software-based SSL acceleration, but its nowhere near as good as hardware-acceleration. Even in case of VE BigIP, I would choose to decrypt in BigIP (or before traffic arrives in BigIP) because of better control. For instance, theres a lot more you can do with iRules if you decrypt in BigIP. In your case, you would gain full visibility of HTTP headers and payload - all that information can be useful to make balancing decisions, reject some customers or even implement temporary workarounds to mitigate the bad effects of poorly coordinated releases in your enterprise. Some BigIP modules, (i.e. ASM) can only be used if you decrypt clientside traffic.