The XMPP stream starts always unencrypted over a plain socket. If TLS is required by Openfire it will send a <starttls><required/></starttls> during the stream negotiation process over the plain socket. If it is optional, it sends only <starttls/>
If the client wants to use TLS it answers with <starttls/>. Then the server responds with <proceed/>.
And only then the TLS handshake begins and the socket connection is upgraded to a secure socket connection (over the same port). The stream is then also restarted in order to work with a fresh encrypted stream.
So "Started plain (unencrypted) socket on port: 5222" is quite normal as every connection starts unencrypted.
Everything I said is also described in the XMPP specification.