This is called Transport Layer Security (TLS) because it only encrypts the direct connection from one MTA to the next. Every MTA on the route is able to read the mail since it processes mails above the transport layer. Privacy can only be guaranteed if there is a direct connection between sending and receiving MTA (and both can be trusted). This is not true for SMTP.
Presumably they are free to configure the MTAs at either end not to use the "smart host" relay feature. In this case all connections are direct and there are no intermediate MTAs. Is this not correct?
Not entirely. Just because you're delivering email directly to the host that is published as the domain's mail exchanger(s) in the DNS, that doesn't mean that it's the final destination or that email won't travel on from there. That host may well send the messages on to someplace else. And if the primary MX is down, mail is typically buffered on the hosts with lower priority MX records until the primary MX comes back up again, in which case they send all the buffered mail to it. All these are examples where TLS between you and an MX of a domain results in cleartext transmission of email further along the delivery chain. Michel is correct, for true confidentiality you need to encrypt on the application level.

Cheers
Tobias
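The delivery chain Tobias describes, modelled in code as an added example (this is not code from any poster in the thread): MX selection by preference with the RFC 5321 implicit-MX and RFC 7505 null-MX cases, a backup MX queuing mail while the primary is down and relaying it on afterwards, and a comparison of what each MTA holds when only STARTTLS is used versus when the mail client encrypts the body before submission. All zone data, hostnames and the message body are constructed for the demonstration; the HMAC-based cipher is a standard-library stand-in for OpenPGP or S/MIME, not something to ship.

```python
"""Added example: which MTAs hold the readable message on an SMTP delivery path.

STARTTLS protects one MTA-to-MTA connection, so each MTA on the route (a backup
MX queuing mail while the primary is down included) holds the message exactly as
submitted. Only encryption applied by the sender's mail client, with a key the
recipient's client holds, keeps the MTAs from reading it. Zone data and hostnames
below are constructed for the demonstration.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class MX:
    preference: int
    host: str


# Constructed zone data: example.org has a primary and a backup MX, nomail.example
# publishes a "null MX" (RFC 7505), nomx.example has no MX record at all.
MX_RECORDS = {
    "example.org": [MX(20, "mx2.example.org"), MX(10, "mx1.example.org")],
    "nomail.example": [MX(0, ".")],
    "nomx.example": [],
}


def delivery_candidates(domain, records=MX_RECORDS):
    """MX hosts to try, lowest preference first (RFC 5321 section 5.1).
    No MX record: the domain's own A/AAAA record is the implicit MX.
    Null MX ("0 ."): the domain accepts no mail, so there is nothing to try."""
    mxs = records.get(domain, [])
    if not mxs:
        return [domain]
    if len(mxs) == 1 and mxs[0].preference == 0 and mxs[0].host == ".":
        return []
    return [mx.host for mx in sorted(mxs, key=lambda mx: mx.preference)]


def mta_route(submission_mta, rcpt_domain, down=frozenset(), records=MX_RECORDS):
    """Ordered list of MTAs the message passes through.
    The sender's MTA connects to the first reachable MX; if that was a backup,
    it queues the message and relays it to the primary once that is back up."""
    candidates = delivery_candidates(rcpt_domain, records)
    if not candidates:
        raise RuntimeError("%s accepts no mail (null MX)" % rcpt_domain)
    route = [submission_mta]
    for host in candidates:
        if host not in down:
            route.append(host)
            break
    else:
        raise RuntimeError("no MX reachable, message stays queued at submission MTA")
    if route[-1] != candidates[0]:
        route.append(candidates[0])  # backup MX relays queued mail to the primary
    return route


def _derive(key, label):
    # Separate keys for keystream and tag so the two HMAC uses never collide.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key, nonce, length):
    blocks = (hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]


def e2e_encrypt(key, plaintext):
    """Application-layer encryption done by the mail client before submission.
    HMAC-SHA256 keystream plus an encrypt-then-MAC tag: a stand-in for OpenPGP or
    S/MIME so the demo runs on the standard library, not a production cipher."""
    nonce = os.urandom(16)
    stream = _keystream(_derive(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_derive(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def e2e_decrypt(key, blob):
    """Recipient-side decryption; rejects a tampered message or a wrong key."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_derive(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("message tampered with or wrong key")
    stream = _keystream(_derive(key, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


def bytes_held_by_mtas(route, body, e2e_key=None):
    """What each MTA on the route holds once its own TLS session is decrypted.
    TLS terminates at every hop, so without application-layer encryption every
    MTA holds the body itself; with it, every MTA holds the same ciphertext."""
    wire = body if e2e_key is None else e2e_encrypt(e2e_key, body)
    return {host: wire for host in route}


if __name__ == "__main__":
    body = b"Subject: offer\r\n\r\nThe bid is 4.2M, keep it quiet.\r\n"
    # Scenario from the thread: primary MX down, backup MX queues and relays.
    route = mta_route("smtp.sender.example", "example.org", down={"mx1.example.org"})
    print("route:", " -> ".join(route))
    for host, held in bytes_held_by_mtas(route, body).items():
        print("STARTTLS only   ", host, "CLEARTEXT" if held == body else "ciphertext")
    key = os.urandom(32)
    for host, held in bytes_held_by_mtas(route, body, key).items():
        print("client-encrypted", host, "CLEARTEXT" if held == body else "ciphertext")
```

Running it prints the three-MTA route (sender, backup MX, primary MX) and shows every MTA marked CLEARTEXT under STARTTLS alone, and ciphertext at every MTA once the client encrypted the body; only a holder of the key can call e2e_decrypt on what any of them stored.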