>Why would anyone ever exclude true mitm?

Same reason security programs exclude social engineering, even though that's a pretty common way for companies to get pwned.

Excluding SE is to make sure people do not spam customer support and launch annoying phishing campaigns. None of that is applicable for local software running on your own computer.