(crap) … That’s all I understood about what you just said.
That’s quite OK for a summary.
I’m not sure that I’m a “genuinely bright person”; it just so happens that IT security is my professional field, including (obviously) crypto (which I do not design myself - that’s best left to the cryptographers - but with which I work a lot, e.g. creating guarded and verified implementations, optimizing those, etc.) and development using formal methods.
Why is that so important? Because almost always the implementation is attacked and not the algorithm. Plus, making C implementations safe and secure is a messy and cumbersome job, but still very much needed work, because reference implementations (against which others, e.g. optimized ones or ported ones, are checked) are usually still provided in C for a variety of reasons; unfortunately, C is the one language best suited to shooting oneself in the foot in multiple and ugly ways.
“Funny” side fact: Most cryptographers are poor coders, and hence many reference implementations have bugs (which can be vulnerabilities). That is how I found a severe vulnerability in one of the AEAD finalists (reference implementation).
TL;DR: If you see crypto code without formal verification, run away and do not use it. Bad news: most crypto is not verified.