Whatever the other issues with MXs are, they are slightly different
issues.
I'm not seeing why, other than that MX records are normally used for
server-to-server communication rather than client-to-server
communication.
I need to look at server_host again. But one way to ask the question
is - if a host has a cert that allows it to act as a web server for
domain X, does that mean it has the authority to act as an MX for
domain X? Basically if you want to have confidence that the mail is
really going to the right place, you need different kinds of certs for
the two situations. And to do that you're going to need more than a
TLS extension.