Hi Patrick,
I slightly agree with you that some control is gained by network zones for PROD / QAS / DEV systems, but the moment you have an STMS transport system, CTS+, SOLMAN monitoring, CUA / IDM, master data replication, central etc then the RFC / SAPGui / Gateway / http ports will be open between the zones anyway.
So you have a considerably slightly higher maintenance effort for the firewalls, networks and switches with only marginally slightly better control of segments (e.g. for "zoning" in gateway ACLs it is useful).
;-)
Cheers,
Julius