[rainsford]

> But somehow, Threema comes out looking even worse

A lot of those issues fall into the category of warning signs that foretell impending doom beyond the immediate problem being identified. Like looking at a house you're thinking of buying and seeing a giant hole in the wall and looking at a different house with a damp mildew smell in every room. The hole in the wall is a more immediate and obvious problem, but the smell suggests the more significant concern.

Cryptographic systems in particular seem good at generating these kind of warning signs, since there is a significant overlap between "I can't immediately catastrophically break this" and "WTF are you doing?". Arguably, making these kinds of terrible cryptographic choices suggests something fundamentally broken in your design process that isn't fixed by just addressing specific weaknesses. This seems especially true in the secure messaging arena, where if you can't articulate an extremely good reason you can't use an existing protocol, the default position should be to avoid your product.