Thanks for the pointers / explanations everyone.
It would be nice if adding a replica didn't reset the SOA/NS, but the main reason I say that isn't due to the actual work of fixing it, but that once we're set up with replicas in all our offices we'll add new ones so infrequently I guarantee this will get forgotten / overlooked and cause confusion, even though I will put it into the internal KB :D
Would be nice if there was a per-zone setting to prevent this reset - perhaps even some option to specify public/private IPs for each replica and a simple public/private switch on the zone, so that it would default to using the correct IPs (and any without public IPs on a public zone would just not appear in NS/SOA records), but I understand this is outside the scope that FreeIPA is interested in supporting.
If I manually add extra NS records, will they get nuked when adding a replica, or just not be listed in SOA anymore? If nobody is sure I'll try to test this...
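A way to actually test this rather than guessing, added here as an example and not part of the thread or of FreeIPA's own tooling: save the zone apex answers (`dig +noall +answer NS zone @replica` and the same for SOA, or `ipa dnsrecord-show zone @`) before adding the replica, then diff the live answers against that baseline afterwards. The zone name, hostnames and the answer lines below are constructed sample data, not captured from any real deployment.

```python
"""Diff a zone's live NS/SOA answers against a saved baseline to spot a reset.

Intended use: store the `dig +noall +answer NS <zone>` and SOA output in a file
before adding a replica, then feed the same queries' output afterwards.
"""

# Constructed sample answers (hypothetical zone and hosts), in the format
# `dig +noall +answer` prints: owner, TTL, class, type, rdata.
BASELINE_NS = """
example.test.  86400 IN NS ipa1.example.test.
example.test.  86400 IN NS ipa2.example.test.
example.test.  86400 IN NS ns-ext.example.test.
"""
AFTER_NS = """
example.test.  86400 IN NS ipa1.example.test.
example.test.  86400 IN NS ipa2.example.test.
example.test.  86400 IN NS ipa3.example.test.
"""
BASELINE_SOA = ("example.test. 86400 IN SOA ipa1.example.test. "
                "hostmaster.example.test. 1 3600 900 1209600 3600")
AFTER_SOA = ("example.test. 86400 IN SOA ipa3.example.test. "
             "hostmaster.example.test. 2 3600 900 1209600 3600")


def parse_answers(text, rtype):
    """Return the RDATA of every answer line of the given record type.

    Lines that are not `owner TTL IN TYPE rdata...` (comments, blanks) are skipped.
    Names are lower-cased because DNS owner/target names are case-insensitive.
    """
    rdata = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 5 and fields[2].upper() == "IN" and fields[3].upper() == rtype:
            rdata.append(" ".join(fields[4:]).lower())
    return rdata


def ns_set(text):
    """Set of NS target hostnames without the trailing dot."""
    return {rd.rstrip(".") for rd in parse_answers(text, "NS")}


def soa_mname(text):
    """Primary master (MNAME) from the SOA answer, or None if absent."""
    soas = parse_answers(text, "SOA")
    if not soas:
        return None
    return soas[0].split()[0].rstrip(".")


def diff_ns(baseline_text, live_text):
    """Return (missing, added): NS targets dropped since / new since the baseline."""
    base, live = ns_set(baseline_text), ns_set(live_text)
    return sorted(base - live), sorted(live - base)


def report(baseline_ns, live_ns, baseline_soa, live_soa):
    """Human-readable findings; an empty list means nothing changed."""
    findings = []
    missing, added = diff_ns(baseline_ns, live_ns)
    for name in missing:
        findings.append(f"NS record for {name} no longer present (manual NS may have been reset)")
    for name in added:
        findings.append(f"new NS record for {name}")
    old_m, new_m = soa_mname(baseline_soa), soa_mname(live_soa)
    if old_m != new_m:
        findings.append(f"SOA MNAME changed from {old_m} to {new_m}")
    return findings


if __name__ == "__main__":
    for line in report(BASELINE_NS, AFTER_NS, BASELINE_SOA, AFTER_SOA) or ["no change"]:
        print(line)
```

Run the same comparison against every replica (`@ipa1`, `@ipa2`, ...) rather than just one: if the reset happened on the new replica's copy only, the replicas will disagree with each other until replication settles, and that is exactly the kind of confusion the post describes.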