[gyardley]

There's a fair amount of gloating around Cryptocat, but it protected people's communications from me, because I didn't know how to break it. So that's better than nothing.

Not if 'nothing' is "don't send the message", rather than the "send the message in the clear" that you're assuming.

Bad crypto gives end users false confidence in the security of their messages. They then send messages they normally wouldn't, and suffer the consequences when those messages end up being read by others.

Amateurs can play with crypto all they like for fun, but they have no business releasing a product to end users.