Usually the Tor client runs on the same machine as the browser, so if you have a MITM, you probably already lost (e.g. the malware probably could have simply injected its own CA root cert into your browser).
It's somewhat of rhetorical, indeed. But it does give at least additional checks in the place. (Also potentially helps to prevent a certain class of vulnerability with hidden service, whether they are caused by a bug or attacks.)