Yes, the provider could initiate a man-in-the-middle attack against all users from the start. However, let us assume that he didn't do that, for various reasons that are for a seperate discussion.
In such a scenario, Alice conversation with Bob is secure. It requires only the initial secure key exchange. Once that is complete, they are fine.
But with the backdoor of silent key-renegotiation, the provider can at any time decide that now they want to eavesdrop into this or that conversation. Say, because a government agency asked them nicely, or a FB employee looked up that woman he met last night in the database and found her WhatsApp number...
It is a different scenario with different ramifications.