Attacks against TLS/SSL are run probabilistically. The same should apply to STARTTLS suppression attacks, and potentially some other "data" attacks. Currently they can only be run with 0% or 100% probability and thus cannot be enabled by default.