I can explain right now.
I’ve got a webserver right now running with two interfaces. One of those has port 80 and port 443 open to the outside world, and everything else locked down.
The other interface is on a 10.x.y.z internal network. DNS resolution happens through here, and routing defaults to use this interface. (It’s also how I ssh in, when I need to.)
If you can onebox stuff like say, my internal wiki, Discourse could act as a reverse proxy for you to probe my internal webpages. (Actually, the wiki won’t work, because you need a login to even view pages. But the point still stands.) Certainly the server can reach some internal webpages, but guessing the names would be difficult.
Locking oneboxes to only things on public Internet addesses limits the content to stuff that, presumably, you could access anyway.