Posting data to a server securely via http

Diffie–Hellman would be far more secure over a single private key (it is only a method of sharing keys, not encryption itself). As the shared key changes every time you re-do the DHE, the attack complexity escalates dramatically. No reason not to use AES as the provider of encryption.

Man in the middle should be fine as symmetric encryption is either defeated or requires brute force cracking. It's usually the features surrounding the encryption which cause it to fail. Take WEP security: it failed because the initial TCP ack packet is known, so crackers already had plaintext data to help break the encryption. Here is a good read: AES Encryption isn't Cracked | 1Password