So, the arguments I see are:<p>- abandonware (fine), bugs, yes, but doesn't invalidate the case if you know the library and the warts<p>- design flaws make it hard to write correct code, it's crypto, you better know what you are doing regardless of the library<p>- algorithm identifies are confusing, see point above.