You either trust that it does, check the source code and trust that it does it correctly, or capture the traffic and check it (and trust that it does it correctly .
From a first (shallow) dive into the code it seems like modest indeed wants to enforce STARTTLS if "Normal (TLS)" is selected. Also, when creating a new account in modest, one can chose a port number other than 143 for "Normal (TLS)". Once the account is active, changing the port is no longer possible, apparently.