Supernodes could not always listen. The actual traffic was always direct P2P unless a direct connection could not be established due to e.g. NATs or firewalls, in which case supernodes would be used as relays. Research into NAT traversal and P2P connectivity a few years ago indicated that about 85% of peers could be connected to directly, so most traffic was not via supernodes.
Even now the majority of non-mobile traffic seems to be direct P2P. I know because I checked using packet sniffers. In fact, even supernode traffic is P2P. Checking my router logs, I can see a number of connections made to Skype even when I'm not using it, which I presume is my machine being used as a supernode.
Since there is no key exchange and end-to-end encryption, anyone can always listen, if on a network through which a Skype stream passes. There's merely a higher opportunity to do so when running a supernode.
If a government does intercept all ISP traffic, they can listen in anyway.
I'm not sure there is no key exchange... Last I looked into Skype's security, not only was the traffic encrypted, the binary itself was also heavily obfuscated, so nobody knew what was going on. This was half a decade ago, though, and lots of things have changed since then.
That still doesn't change anything. There is (and never was) secure key exchange between contacts: if there was, it would be have to be explicit and you would've noticed.
The traffic might be encrypted, but the receiving party isn't the only one with the key. At the very least, the Skype service intermediated the key exchange.
Even now the majority of non-mobile traffic seems to be direct P2P. I know because I checked using packet sniffers. In fact, even supernode traffic is P2P. Checking my router logs, I can see a number of connections made to Skype even when I'm not using it, which I presume is my machine being used as a supernode.