When I talk to my virtual machines over the loopback device, I have to encrypt and then decrypt the traffic. That is pointless. I wish my SSH supported the null cipher.
If it supported the null cipher by default, users would be a single misconfiguration away from losing all security. By forcing the few who have a legitimate need for a null cipher to patch and recompile, this risk is reduced.
It's the same reason reputable crypto libraries avoid implementing things like the TLS null cipher suites (they exist), and also why the new TLS 1.3 protocol has only PFS suites and AEAD.
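An added example, not part of either comment above: a small audit of `openssl ciphers -v` output that flags the suites the reply is talking about (null encryption, no forward secrecy, no AEAD). The sample lines are constructed, and the function names, finding labels and the set of key exchanges treated as ephemeral are this example's assumptions.

```python
import re

# Constructed sample in the column format printed by `openssl ciphers -v`.
SAMPLE = """\
TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(256) Mac=AEAD
AES256-SHA SSLv3 Kx=RSA Au=RSA Enc=AES(256) Mac=SHA1
ECDHE-RSA-AES128-SHA TLSv1 Kx=ECDH Au=RSA Enc=AES(128) Mac=SHA1
NULL-SHA256 TLSv1.2 Kx=RSA Au=RSA Enc=None Mac=SHA256
ECDHE-ECDSA-NULL-SHA TLSv1 Kx=ECDH Au=ECDSA Enc=None Mac=SHA1
"""

FIELD = re.compile(r"(Kx|Au|Enc|Mac)=(\S+)")
# Assumption of this example: Kx values that denote an ephemeral exchange.
# "any" is how TLS 1.3 suites are listed; static variants print as e.g. "ECDH/RSA".
EPHEMERAL_KX = {"ECDH", "DH", "ECDHEPSK", "DHEPSK", "any"}


def audit_line(line):
    """Return (suite_name, findings) for one listing line, or None if unparsable."""
    parts = line.split()
    fields = dict(FIELD.findall(line))
    if len(parts) < 3 or not {"Kx", "Enc", "Mac"} <= fields.keys():
        return None
    findings = []
    if fields["Enc"] == "None":            # traffic is sent in cleartext
        findings.append("null-encryption")
    if fields["Kx"] not in EPHEMERAL_KX:   # long-term key compromise exposes old sessions
        findings.append("no-forward-secrecy")
    if fields["Mac"] != "AEAD":            # separate MAC instead of an AEAD mode
        findings.append("not-aead")
    return parts[0], findings


def audit(text):
    """Map each suite name in the listing to its list of findings."""
    return dict(r for r in map(audit_line, text.splitlines()) if r)


def null_suites(text):
    """Names of suites that provide no confidentiality at all."""
    return sorted(n for n, f in audit(text).items() if "null-encryption" in f)


if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(f"{name:30} {', '.join(findings) or 'ok'}")
```

Feeding it the real output of `openssl ciphers -v` for a server's configured cipher string shows whether that string lets any null suite through.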