Forum Discussion

jpeterson6
Sep 25, 2017

What happens when a VIP has a ServerSSL Profile without a ClientSSL Profile?

When a VIP receives encrypted traffic and only has a ServerSSL Profile attached, what does it do? Does it just ignore the profile and send the still-encrypted data along as if it is configured for SSL-Passthrough, or does it try to 'encrypt' the encrypted data even further?


I know this isn't a typical configuration and shouldn't be done. I only found it because of a configuration error, and I am curious how the F5 handles it.


2 Replies

  • Without having tested it myself my guess is it will encrypt it again, leading to a very confused backend server.


  • Well, let's consider how an LTM operates with various profiles:

    On the clientside, you will have a TCP profile, which will cause TCP Delayed Binding.

    [SYN]      C -> LTM
    [SYN,ACK]  C <- LTM
    [ACK]      C -> LTM
    
    • TCP 3-Way-Handshake is now complete.
    • Client sends the next segment, which will be load-balanced and sent to a pool member:

      [Client_Hello] C -> LTM
      

    The LTM will then make a load-balancing decision and establish a connection with a pool member. And, because a Server-SSL Profile is applied, the LTM will perform SSL Delayed Binding:

    [SYN]          LTM -> S
    [SYN,ACK]      LTM <- S
    [ACK]          LTM -> S
    [Client_Hello] LTM -> S
    [Server_Hello] LTM <- S
    [Key_Exchanges...etc, SSL negotiation completes]
    
    • The next thing that will happen is the LTM will forward the [Client_Hello] from the clientside to the pool member.

  • However, because the SSL Negotiation has already occurred, the [Client_Hello] will be received by the L7 Application Server. In my lab, the response is a '400 Bad Request' from the server.

    So, to answer your question: no, it will not simply send 'Encrypted' data to the back-end server. It will begin by sending the Client's [Client_Hello] to the pool member, which will be received on Layer 7. In my lab, the server will simply respond with a '400 Bad Request', and the connection will complete.

    What will actually occur is that the clientside will never successfully negotiate an SSL Connection.
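The misconfiguration discussed in this thread (a virtual server carrying a server-ssl profile but no client-ssl profile) can be found by auditing `tmsh list ltm virtual` output. The script below is an added example, not code from the thread or from F5; the tmsh excerpt is constructed sample data, and the parser assumes the standard tmsh layout in which SSL profiles under a virtual list `context clientside` or `context serverside`.

```python
import re

# Constructed excerpt of `tmsh list ltm virtual` output (sample, not a real device).
SAMPLE_TMSH = """\
ltm virtual vs_good {
    profiles {
        clientssl {
            context clientside
        }
        serverssl {
            context serverside
        }
        tcp { }
    }
}
ltm virtual vs_serverssl_only {
    profiles {
        http { }
        serverssl {
            context serverside
        }
        tcp { }
    }
}
ltm virtual vs_passthrough {
    profiles {
        fastL4 { }
    }
}
"""

def parse_ssl_contexts(tmsh_output):
    """Return {virtual_name: set of SSL contexts}. Assumes each virtual opens
    with 'ltm virtual NAME {' and SSL profiles show 'context clientside|serverside'."""
    contexts, current = {}, None
    for line in tmsh_output.splitlines():
        m = re.match(r"^ltm virtual (\S+) \{", line)
        if m:
            current = m.group(1)
            contexts[current] = set()
            continue
        m = re.match(r"^\s*context (clientside|serverside)\s*$", line)
        if m and current is not None:
            contexts[current].add(m.group(1))
    return contexts

def find_serverssl_only(tmsh_output):
    """Virtuals that re-encrypt to the pool but never terminate TLS on the clientside."""
    return sorted(name for name, ctx in parse_ssl_contexts(tmsh_output).items()
                  if "serverside" in ctx and "clientside" not in ctx)
```

Running `find_serverssl_only` over a real `tmsh list ltm virtual` dump flags only the virtuals that will send the client's raw [Client_Hello] into the server-side TLS tunnel, as described in the reply above.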