If you're relying on the MTA to keep your email communications secure, you're doing it wrong. If data is important enough to encrypt, encrypt it at the sender side first.
In this case, sending email over TLS is akin to browsing the web over TLS: You let the browser / MTA handle the encryption at a lower OSI layer than the application layer. Thus, it works transparently and without hassle to the end user. Would you suggest using GPG to manually encrypt and decrypt all your communication with any HTTPS website?
Note that the STARTTLS command is a fix for using port 587 to send encrypted mail instead of the port which is dedicated to it: port 465. It is like sending HTTPS down port 80 with a special flag. Properly configured MTAs should be using port 465 for email over TLS instead of port 587 with a "special flag".
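The two ways of getting TLS onto an SMTP session that the comments above compare, as an added example that is not part of any post in this thread: on port 465 the TLS handshake happens before the first SMTP byte (implicit TLS, RFC 8314), while on port 587 the session starts in cleartext, the server advertises STARTTLS in its EHLO reply, and the client has to ask for the upgrade (RFC 3207). The scripted server, the host names and the EHLO replies below are constructed for the example, not captured from a real MTA. The client shows the check a practitioner wants on the STARTTLS path: if STARTTLS is missing from the EHLO reply, a client that merely prefers TLS keeps going in cleartext, whereas a client that requires TLS quits.

```python
"""Added example: SMTP client-side TLS negotiation, implicit TLS (465) vs STARTTLS (587).
Everything here is a constructed simulation; no network I/O and no real TLS handshake."""

from dataclasses import dataclass, field


def parse_ehlo_response(raw: str):
    """Parse a (possibly multi-line) EHLO reply per RFC 5321 into
    (code, greeting, {EXTENSION: params}). Continuation lines use "250-",
    the final line "250 ". Raises ValueError on a malformed reply."""
    lines = raw.rstrip("\r\n").split("\r\n")
    code, greeting, extensions = None, None, {}
    for i, line in enumerate(lines):
        if len(line) < 4 or not line[:3].isdigit() or line[3] not in "- ":
            raise ValueError(f"malformed reply line: {line!r}")
        c, sep, rest = int(line[:3]), line[3], line[4:]
        if code is None:
            code = c
        elif c != code:
            raise ValueError("inconsistent reply codes in multi-line response")
        if (sep == " ") != (i == len(lines) - 1):
            raise ValueError("continuation marker does not match line position")
        if i == 0:
            greeting = rest            # first line carries the server domain + greeting
        else:
            keyword, _, params = rest.partition(" ")
            extensions[keyword.upper()] = params
    return code, greeting, extensions


class ScriptedServer:
    """Constructed stand-in for an MTA. offer_starttls=False models a server that does
    not support STARTTLS (or an intermediary that removed the line from the reply)."""

    def __init__(self, port: int, offer_starttls: bool = True):
        self.port = port
        self.offer_starttls = offer_starttls
        self.tls_started = (port == 465)   # implicit TLS: encrypted before any SMTP traffic

    def reply(self, command: str) -> str:
        verb = command.split()[0].upper()
        if verb == "EHLO":
            lines = ["250-mail.example.com Hello", "250-SIZE 35882577", "250-8BITMIME"]
            if self.offer_starttls and not self.tls_started:   # RFC 3207: never re-advertise
                lines.append("250-STARTTLS")
            lines.append("250 ENHANCEDSTATUSCODES")
            return "\r\n".join(lines) + "\r\n"
        if verb == "STARTTLS":
            if self.offer_starttls and not self.tls_started:
                self.tls_started = True
                return "220 2.0.0 Ready to start TLS\r\n"
            return "454 4.7.0 TLS not available\r\n"
        if verb == "QUIT":
            return "221 2.0.0 Bye\r\n"
        return "500 5.5.2 Command not recognized\r\n"


@dataclass
class Session:
    port: int
    tls_active: bool = False
    transcript: list = field(default_factory=list)


def negotiate(server: ScriptedServer, require_tls: bool = True,
              client_name: str = "client.example.org"):
    """Run the opening of an SMTP session against `server` and return (outcome, session).
    Outcomes: "encrypted", "plaintext", "refused-plaintext", "starttls-refused", "ehlo-rejected"."""
    s = Session(port=server.port)

    def send(cmd: str) -> str:
        s.transcript.append("C: " + cmd)
        r = server.reply(cmd)
        s.transcript.append("S: " + r.strip().replace("\r\n", " | "))
        return r

    if s.port == 465:
        s.tls_active = True                  # handshake precedes the SMTP dialogue entirely
        s.transcript.append("<TLS handshake before any SMTP traffic>")
    code, _, exts = parse_ehlo_response(send(f"EHLO {client_name}"))
    if code != 250:
        send("QUIT")
        return "ehlo-rejected", s
    if not s.tls_active:
        if "STARTTLS" in exts:
            if not send("STARTTLS").startswith("220"):
                send("QUIT")
                return "starttls-refused", s
            s.transcript.append("<TLS handshake>")
            s.tls_active = True
            # RFC 3207: discard everything learned in cleartext and re-issue EHLO under TLS.
            code, _, exts = parse_ehlo_response(send(f"EHLO {client_name}"))
        elif require_tls:
            send("QUIT")                     # no TLS offered: a strict client stops here
            return "refused-plaintext", s
        else:
            return "plaintext", s            # an opportunistic client silently carries on
    return "encrypted", s


if __name__ == "__main__":
    for srv, strict in [(ScriptedServer(465), True), (ScriptedServer(587), True),
                        (ScriptedServer(587, offer_starttls=False), True),
                        (ScriptedServer(587, offer_starttls=False), False)]:
        outcome, sess = negotiate(srv, require_tls=strict)
        print(f"port {sess.port} require_tls={strict}: {outcome}")
        print("  " + "\n  ".join(sess.transcript))
```

The same EHLO parser is used on both ports; the difference the thread is arguing about is only where the handshake sits in the dialogue. Whichever port is used, the session is only as encrypted as the client insists it be: the `require_tls=False` run shows the cleartext fallback that an opportunistic STARTTLS client accepts when the extension is absent from the reply.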