Yesterday's hash attack that required $100m supercomputer will require a $10k GPU, which is 5 years will require a $100 GPU. (Not talking about the math changing, but it's been more about weaknesses in S-boxes and other parts of older hash functions that get slowly chipped away)
Similarly, yesterday's system that takes an attacker 3 days to MITM your machine, will take 3 hours, and then will be somebody's python script that installs and aggregates millions of exploits.
So in general, the cost and benefit variables are constantly changing under us.
For those cases where somebody needs more protection, there's a way to go through a little more trouble to use Signal more diligently (agree with important parties not to change keys for a period of time).
To your point though: the cost of executing MITM doesn't just include the equipment, it includes showing ones hand by being discovered.
The big cost of a MITM attack is getting in the middle. The cost of doing the actual attack is minimal.
