Hi sdomb,
CA does not really have a best practice document around this topic that I can point you to. As always security is a trade of in performance, convenience and security. That being said most companies if they are using siteminder internally only tend not to setup SSL between the policy server and the different stores as you do have to maintain the SSL certs etc.
However most companies that use SiteMinder internally and externally or externally only usually do setup SSL certs for all stores as they are already managing these certs for their web sites as well. Adding a few more does not make this much more difficult.
As to performance, yes there will be some performance overhead with the SSL communication but with today’s high-end systems that most enterprises are deploying this is no longer an issue. Of course your due diligence should include bench mark load testing for both configuration, with SSL and without SSL to make sure the hard ware you have in place can handle the load you need it to.
Hope this helps
Gene