Why do so few mail providers support Port 587?

What these two boil down to is a much simpler mail system architecture,
which in turn translates to a more secure mail system and an
easier-to-administer one.

Consider the control flow if you're trying to use port 25 for

  Send a 220

  If you see an EHLO, advertise that you support STARTTLS

  If you receive a STARTTLS and another EHLO, advertise that
  you support AUTH -- you don't want to do authentication
  over insecure connections, especially if your goal is to
  support roaming wireless users.

  Accept inbound email. Check if the user was authenticated.
  If so, permit relaying; also do rate checks. If not, don't
  permit relaying, but do run anti-spam software.

  Do virus checks. If authenticated, notify the sender that
  either their machine is infested with *something* or their
  credentials have been stolen. If unauthenticated, discard;
  it's probably a joe job.

The point is that authenticated status has to be retained and checked

If you're using 587, the subscriber flow is like this:

  Send a 220

  Don't accept anything until you see STARTTLS

  Don't do anything until you see an AUTH

  Accept inbound mail, do rate checks and virus checks, and
  bounce accordingly

For port 25:

  Send a 220

  Optionally permit (but don't require) STARTTLS

  Accept inbound mail. Do virus and spam checks, and drop
  as needed. Don't permit relaying

Both are simpler; neither requires retained global state.
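
The two single-purpose flows above, sketched as a per-port command gate. This is an added example, not code from the original message: the function names, sample domain and sample account are constructed, and EHLO is assumed to be accepted before STARTTLS so the server can advertise it.

```python
import hmac

# Constructed sample data, not from the original message.
LOCAL_DOMAINS = {"example.org"}
USERS = {"alice": "constructed-password"}

def run_session(port, commands):
    """Replay (verb, arg) pairs against one port's policy; return SMTP reply codes."""
    tls = authed = mail_open = False
    replies = [220]                      # greeting
    for verb, arg in commands:
        if verb == "EHLO":
            code = 250                   # always allowed, so STARTTLS can be advertised
        elif verb == "STARTTLS":
            tls, code = True, 220
        elif verb == "AUTH":
            if port == 25:
                code = 502               # the MX port never offers AUTH
            elif not tls:
                code = 538               # no credentials over cleartext
            else:
                user, password = arg
                authed = hmac.compare_digest(USERS.get(user, ""), password)
                code = 235 if authed else 535
        elif verb == "MAIL":
            # 587: hard gate on TLS and AUTH. 25: TLS optional, no auth concept.
            mail_open = port == 25 or (tls and authed)
            code = 250 if mail_open else 530
        elif verb == "RCPT":
            domain = arg.rsplit("@", 1)[-1].lower()
            if not mail_open:
                code = 503               # RCPT without an accepted MAIL
            elif port == 25 and domain not in LOCAL_DOMAINS:
                code = 550               # no relaying on the MX port
            else:
                code = 250
        else:
            code = 502
        replies.append(code)
    return replies

def content_checks(port):
    """Checks after acceptance depend on the port alone, not on a per-message auth flag."""
    return ("rate", "virus") if port == 587 else ("virus", "spam")
```

Because every message accepted on 587 is authenticated and none accepted on 25 is, the later filtering stages only need to know which port the message arrived on.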