STARTTLS is simply a method for establishing a TLS connection through the same TCP port as the backward compatible connections that don't use TLS. It's the job of TLS to provide authentication, and thus to protect from MitM--it would be braindead to have a second authentication layer beneath it to "protect STARTTLS against MitM". If you establish a "direct" TLS connection, the TCP beneath also doesn't protect against MitM, obviously.
That some clients will accept both TLS and non-TLS connections is completely orthogonal to STARTTLS, and has its roots in backward compatibility. Good clients should provide a way for the user to enforce TLS, though.
And yes, as others have pointed out, HTTP(S) does actually work exactly that way: Unless the user asks the browser to enforce TLS (by typing https://), the browser will connect without TLS, and if the server prefers TLS, it will redirect, subject to the same MitM as opportunistic STARTTLS.
Also, I think it's kinda confused to think of your customer's traffic as your own. How does that work? Are telecom companies also allowed to listen to "their own" calls that customers make, and the post office to read "their own" letters that customers have written? Also, have you considered that your ISP's ISP then presumably also could consider all your traffic their own? So, there essentially wouldn't be anyone left who couldn't claim the traffic to be their own, so MitMs wouldn't be possible simply by definition?
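An added illustration of the "good clients should provide a way for the user to enforce TLS" point (example code, not the commenter's): an SMTP client that refuses to continue in cleartext when the server's EHLO reply does not advertise STARTTLS, instead of opportunistically falling back. The decision logic is factored out so it can be exercised on constructed EHLO replies; the hostnames and replies are constructed, and `send_with_enforced_tls` assumes a reachable mail server.

```python
import smtplib
import ssl

# Constructed EHLO replies (not captured from any real server): one that advertises
# STARTTLS, and one as it would look if the STARTTLS line were absent or stripped.
EHLO_WITH_STARTTLS = b"250-mail.example.com\r\n250-SIZE 35882577\r\n250-STARTTLS\r\n250 8BITMIME"
EHLO_WITHOUT_STARTTLS = b"250-mail.example.com\r\n250-SIZE 35882577\r\n250 8BITMIME"


def parse_ehlo_extensions(reply: bytes) -> set[str]:
    """Return the extension keywords a multi-line EHLO reply advertises (RFC 5321 format)."""
    exts = set()
    lines = reply.decode("ascii", "replace").splitlines()
    # The first line carries the server's domain, not an extension; skip it.
    for line in lines[1:]:
        # Continuation lines look like '250-KEYWORD ...'; the last line is '250 KEYWORD ...'.
        if len(line) > 4 and line[:3] == "250" and line[3] in "- ":
            exts.add(line[4:].split()[0].upper())
    return exts


def choose_policy(extensions: set[str], enforce_tls: bool) -> str:
    """Decide what the client does after EHLO.

    'starttls'  - the server offers it: upgrade before sending anything sensitive
    'plaintext' - an opportunistic client carries on without TLS (MitM-exposed)
    'abort'     - an enforcing client refuses to proceed without TLS
    """
    if "STARTTLS" in extensions:
        return "starttls"
    return "abort" if enforce_tls else "plaintext"


def send_with_enforced_tls(host: str, port: int, sender: str, rcpt: str, msg: str) -> None:
    """Send one message, failing closed if TLS cannot be negotiated and verified."""
    # Default context verifies the server certificate chain and hostname, which is
    # where the MitM protection actually comes from once TLS is up.
    ctx = ssl.create_default_context()
    with smtplib.SMTP(host, port, timeout=30) as s:
        s.ehlo()
        if choose_policy(set(k.upper() for k in s.esmtp_features), True) == "abort":
            raise RuntimeError("server did not advertise STARTTLS; refusing to send in cleartext")
        s.starttls(context=ctx)
        s.ehlo()  # re-issue EHLO over the encrypted channel, as RFC 3207 requires
        s.sendmail(sender, [rcpt], msg)
```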