I would also add that doing crypto "right" is deceiviously hard, and it's one of those fields where it may be beneficial to do it open-source because:
1) you win trust of your users (as they know what engine you are using)
2) you can get an expert opinion from crypto guys that you implemented things right

Many recent mishaps in security happened because s/w developers improvised themselves as crypto guys, or viceversa.