I'm not privy to GP's use case, but the "non-standard" part you nodded at makes it far more likely they "rolled their own crypto" and thus the landscape of vulns or leaks introduced by the "how hard can it be" crew is vast. That's not even including the similar, although smaller, risk pushed down upon the consumers since they are also now have to eject from the vetted libraries to interact and start doing their own fun //FIXME hacks