by Rebelgecko 1224 days ago
More like "lightweight" in terms of code size (or hardware equivalents like FPGA fabric area), RAM requirements, and CPU cycles per byte of encryption/authentication. In some cases this means that a message could be brute forced slightly more quickly. But in practical terms that's not a big deal; who cares if someone can crack your code in 2^10 years instead of 2^14.

I think for most crypto, brute force times aren't the biggest concern. What's potentially more of an issue is the breakability of the algorithm (is there a way to find the plaintext more efficiently than brute forcing?) and how susceptible the algo's implementations are to things like timing attacks (which can be an issue with S-boxes, although maybe not as big of a deal as I thought considering the results of the competition).

In terms of NSA conspiracy theories, it would've been more of an issue if the competition had gone towards Simon or Speck (which weren't eligible because they're block ciphers, but there are ways to adapt... I think OCB mode is no longer patent encumbered).
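The S-box timing point above, as an added example that is not part of the comment: a plain lookup-table S-box, whose memory access address depends on the secret nibble, beside a constant-time version that reads every table entry and selects the wanted one with masks. The 4-bit S-box is the one from the PRESENT cipher specification, chosen here as a concrete lightweight cipher; that choice, and the function names, are mine and not something the comment mentions. The constant-time version also makes the "cycles per byte" trade-off visible: it does sixteen reads and mask operations where the lookup does one.

```c
#include <stdint.h>
#include <stdio.h>

/* 4-bit S-box of the PRESENT block cipher (values from the PRESENT
 * specification), chosen as a concrete lightweight-cipher example. */
static const uint8_t SBOX[16] = {
    0xC, 0x5, 0x6, 0xB, 0x9, 0x0, 0xA, 0xD,
    0x3, 0xE, 0xF, 0x8, 0x4, 0x7, 0x1, 0x2
};

/* Straightforward table lookup: the address read depends on the secret
 * nibble x, so cache/timing behaviour can leak information about x. */
uint8_t sbox_lookup(uint8_t x)
{
    return SBOX[x & 0xF];
}

/* Returns 0xFF when a == b and 0x00 otherwise, with no data-dependent
 * branch or memory access. */
static uint8_t ct_eq(uint8_t a, uint8_t b)
{
    uint8_t d = a ^ b;             /* zero iff a == b */
    d |= d >> 4;
    d |= d >> 2;
    d |= d >> 1;                   /* bit 0 is now set iff d was nonzero */
    return (uint8_t)((d & 1) - 1); /* 0 -> 0xFF, 1 -> 0x00 */
}

/* Constant-time version: touches every table entry regardless of x and
 * keeps only the entry whose index matches, so the access pattern and the
 * instruction sequence are independent of the secret. */
uint8_t sbox_ct(uint8_t x)
{
    uint8_t out = 0;
    x &= 0xF;
    for (uint8_t i = 0; i < 16; i++)
        out |= SBOX[i] & ct_eq(x, i);
    return out;
}

/* Applies the S-box to both nibbles of a byte, as a cipher's substitution
 * layer would do across a whole state. */
uint8_t sbox_byte_ct(uint8_t b)
{
    return (uint8_t)((sbox_ct(b >> 4) << 4) | sbox_ct(b & 0xF));
}

/* 1 if both implementations agree on all 16 inputs, 0 otherwise. */
int sboxes_agree(void)
{
    for (uint8_t x = 0; x < 16; x++)
        if (sbox_lookup(x) != sbox_ct(x))
            return 0;
    return 1;
}

int main(void)
{
    printf("implementations agree: %d\n", sboxes_agree());
    printf("S(0x3) = 0x%X, S(0xA) = 0x%X\n", sbox_ct(0x3), sbox_ct(0xA));
    printf("byte 0x3A -> 0x%02X\n", sbox_byte_ct(0x3A));
    return 0;
}
```

One caveat a practitioner would want: the masked loop expresses constant-time intent, but a compiler is free to turn it back into a branch or an indexed load, so real code checks the generated assembly (or uses a bitsliced S-box built from boolean operations, which is how small 4-bit S-boxes are usually made constant-time in software).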