Most cases, customers could manage their fwsm or vfw contexts from the inside network. In which case they could use telnet/pdm etc.
But if they need to manage the devices securely from the outside, then the fwsm provides the capability for ipsec or ssh (not ssl though) to the fwsm and manage it. So if they have a centralised management location and want to manage fwsm in different POP's then they can use ipsec.