[StavrosK]

> the author wrote their own crypto code

That doesn't immediately mean that the library is useless.

> until that is fixed

I disagree with the word "fixed", as if it's broken. He probably used the highest-level primitives he could to achieve the requirements.

> I've already spotted a few vulnerabilities.

It'd probably be more constructive to open an issue detailing the vulnerabilities rather than saying "I've spotted some, use NaCl" and leaving it at that. What makes you so sure that NaCl is even a suitable replacement without knowing all the considerations that went into the project?