
In rolling your own crypto, crypto doesn't mean cryptography but cryptosystem.

The author is not rolling their own cryptography (which is good) but they are clearly using a homemade cryptosystem (and not PGP, TLS, or libsodium for example). For example they forgot to authenticate their encryption, and the "password extension" with getFilledSecret is more than dubious. Rule of thumb: if you are using cryptographic primitives directly (such as AES) you are rolling your own crypto.
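
The missing-authentication point in the comment above, as an added example that is not the commenter's code or the code under discussion: the same message sealed with unauthenticated AES-256-CTR and with authenticated AES-256-GCM, then altered by one bit. All function names, the message layout and the sample values are assumptions made for illustration; the key is derived with scrypt and a random salt instead of stretching the password by hand.

```javascript
const crypto = require('crypto');

// Derive a 256-bit key from a password with a memory-hard KDF and a per-message salt.
function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, 32);
}

// Unauthenticated layout (hypothetical): salt(16) || iv(16) || ciphertext
function sealCtr(password, plaintext) {
  const salt = crypto.randomBytes(16), iv = crypto.randomBytes(16);
  const c = crypto.createCipheriv('aes-256-ctr', deriveKey(password, salt), iv);
  return Buffer.concat([salt, iv, c.update(plaintext), c.final()]);
}
function openCtr(password, box) {
  const salt = box.subarray(0, 16), iv = box.subarray(16, 32);
  const d = crypto.createDecipheriv('aes-256-ctr', deriveKey(password, salt), iv);
  return Buffer.concat([d.update(box.subarray(32)), d.final()]);
}

// Authenticated layout (hypothetical): salt(16) || nonce(12) || tag(16) || ciphertext
function sealGcm(password, plaintext) {
  const salt = crypto.randomBytes(16), nonce = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), nonce);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([salt, nonce, c.getAuthTag(), ct]);
}
function openGcm(password, box) {
  const salt = box.subarray(0, 16), nonce = box.subarray(16, 28);
  const d = crypto.createDecipheriv('aes-256-gcm', deriveKey(password, salt), nonce, { authTagLength: 16 });
  d.setAuthTag(box.subarray(28, 44));
  return Buffer.concat([d.update(box.subarray(44)), d.final()]); // final() throws if the tag does not verify
}

// Flip one bit in the last ciphertext byte, as storage corruption or a modified transfer would.
function corrupt(box) {
  const copy = Buffer.from(box);
  copy[copy.length - 1] ^= 0x01;
  return copy;
}

// Constructed sample input: CTR returns altered plaintext silently, GCM refuses to decrypt.
function demo() {
  const pw = 'constructed-sample-password', msg = Buffer.from('amount=100');
  const ctrOut = openCtr(pw, corrupt(sealCtr(pw, msg))).toString();
  let gcmRejected = false;
  try { openGcm(pw, corrupt(sealGcm(pw, msg))); } catch (e) { gcmRejected = true; }
  return { ctrOut, gcmRejected };
}
console.log(demo());
```

Even this version assembles primitives by hand, which is the comment's point: a vetted construction such as libsodium's secretbox packages key handling, nonce handling and authentication behind one call.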


