The thing to remember is that cryptography is very tricky business, and even when an algorithm is sound on paper that does not guarantee that it’s implemented in a secure way. A famous example is when NSA “helped” develop the Diffie-Hellman cryptographic key exchange standard and introduced a vulnerability that nobody noticed for a very long time.
Any standard that’s been developed in conjunction with US agencies should be considered compromised in my opinion.
but at what cost!