I think people think I'm saying something I'm not. The point of that paragraph isn't that SecureDrop is terrible; it's that attempts to improve it need to be mindful of the fact that SecureDrop's simplicity is an important part of why it's considered safe to run. The point is that there are a bunch of "features" you could add to this, including things that might ostensibly improve privacy and safety, but that you don't necessarily want to adopt a more complicated version of it.
I don't disagree at all! I admit, the comment you replied to of mine was lazy. Let me expound:
You have a wealth of security experience. SecureDrop is an essential piece of infrastructure in today's reality. It would be beneficial if you contributed your experience as time permits and where applicable to ensure it remains secure if (when?) its functionality is extended.
Some of us are already talking to Garrett, who is plenty clueful on his own. :)
I think the misunderstanding (if it exists) is my fault, though; rereading, I probably shouldn't have used the word "significantly". I'll try to avoid adjectives first thing in the morning moving forward.