by tptacek
3216 days ago
I'm not sure I follow this. A library implementation of an AEAD, with "Seal" and "Unseal" functions, is almost misuse-resistant (depending on the primitive and how they handle nonces). The same is not true of a library that exports AES-CTR or AES-CBC's Encrypt/Decrypt, plus a MAC! If you're implementing an entire AEAD construction, like GCM or EAX, from scratch, then yes. Don't do that. You probably are safer composing CBC and HMAC than you would be writing your own EAX. But if your library exports an EAX, using it is almost certainly a huge security win over DIY authenticated encryption, even if you can remember the order of operations properly.
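The contrast the comment draws, as an added example that is not part of the original thread: a library AEAD with a single Seal/Open pair (Go's `crypto/cipher` AEAD interface, shown here with AES-GCM; Go names the second function Open rather than Unseal) next to the DIY composition of AES-CBC plus HMAC-SHA256. The hand-built version has to get several details right on its own (separate keys, tag over the IV and ciphertext, constant-time tag check before any decryption, padding validation) that the AEAD call does in one step. Keys and messages are constructed test values; the function names are mine.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"io"
)

var errAuth = errors.New("authentication failed")

// AEADSeal: one call does encryption and authentication, and binds aad.
// Layout: nonce || ciphertext || tag. GCM nonces must never repeat under
// one key; a fresh random 96-bit nonce is acceptable for modest message counts.
func AEADSeal(key, pt, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	aead, err := cipher.NewGCM(block)
	if err != nil { return nil, err }
	nonce := make([]byte, aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil { return nil, err }
	return aead.Seal(nonce, nonce, pt, aad), nil
}

// AEADOpen: any change to nonce, ciphertext, tag or aad yields one opaque error.
func AEADOpen(key, blob, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil { return nil, err }
	aead, err := cipher.NewGCM(block)
	if err != nil { return nil, err }
	if len(blob) < aead.NonceSize() { return nil, errAuth }
	pt, err := aead.Open(nil, blob[:aead.NonceSize()], blob[aead.NonceSize():], aad)
	if err != nil { return nil, errAuth }
	return pt, nil
}

// ETMEncrypt: DIY encrypt-then-MAC. AES-CBC with PKCS#7 padding, then
// HMAC-SHA256 over iv || ciphertext with an independent key.
// Layout: iv || ciphertext || tag.
func ETMEncrypt(encKey, macKey, pt []byte) ([]byte, error) {
	block, err := aes.NewCipher(encKey)
	if err != nil { return nil, err }
	padLen := aes.BlockSize - len(pt)%aes.BlockSize
	padded := append(append([]byte{}, pt...), bytes.Repeat([]byte{byte(padLen)}, padLen)...)
	out := make([]byte, aes.BlockSize+len(padded))
	if _, err := io.ReadFull(rand.Reader, out[:aes.BlockSize]); err != nil { return nil, err }
	cipher.NewCBCEncrypter(block, out[:aes.BlockSize]).CryptBlocks(out[aes.BlockSize:], padded)
	mac := hmac.New(sha256.New, macKey)
	mac.Write(out)
	return mac.Sum(out), nil
}

// ETMDecrypt: verify the tag in constant time BEFORE touching the ciphertext,
// so padding or plaintext errors are never observable for forged input.
func ETMDecrypt(encKey, macKey, blob []byte) ([]byte, error) {
	if len(blob) < 2*aes.BlockSize+sha256.Size || (len(blob)-sha256.Size)%aes.BlockSize != 0 {
		return nil, errAuth
	}
	body, tag := blob[:len(blob)-sha256.Size], blob[len(blob)-sha256.Size:]
	mac := hmac.New(sha256.New, macKey)
	mac.Write(body)
	if !hmac.Equal(mac.Sum(nil), tag) { return nil, errAuth }
	block, err := aes.NewCipher(encKey)
	if err != nil { return nil, err }
	padded := make([]byte, len(body)-aes.BlockSize)
	cipher.NewCBCDecrypter(block, body[:aes.BlockSize]).CryptBlocks(padded, body[aes.BlockSize:])
	padLen := int(padded[len(padded)-1])
	if padLen == 0 || padLen > aes.BlockSize { return nil, errAuth }
	for _, b := range padded[len(padded)-padLen:] {
		if int(b) != padLen { return nil, errAuth }
	}
	return padded[:len(padded)-padLen], nil
}

// Tamper returns a copy of blob with one bit flipped at index i.
func Tamper(blob []byte, i int) []byte {
	out := append([]byte{}, blob...)
	out[i] ^= 0x01
	return out
}

func main() {
	key := bytes.Repeat([]byte{0x11}, 32)    // constructed AEAD key
	encKey := bytes.Repeat([]byte{0x22}, 32) // constructed CBC key
	macKey := bytes.Repeat([]byte{0x33}, 32) // constructed HMAC key
	msg, aad := []byte("transfer 10 to bob"), []byte("v1")

	sealed, _ := AEADSeal(key, msg, aad)
	_, err := AEADOpen(key, Tamper(sealed, len(sealed)/2), aad)
	fmt.Println("AEAD tamper rejected:", err != nil)

	etm, _ := ETMEncrypt(encKey, macKey, msg)
	_, err = ETMDecrypt(encKey, macKey, Tamper(etm, aes.BlockSize))
	fmt.Println("ETM tamper rejected:", err != nil)
}
```

The AEAD half is two functions with no crypto decisions inside them beyond nonce generation; the ETM half needs the key separation, tag coverage, comparison order and padding checks spelled out explicitly, which is where a DIY composition typically goes wrong.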