So in the hands of someone whose main expertise is in writing the secure login and data protection part of an application, maybe it is a bit better? At least they could eliminate much of the low hanging fruit. Of course anything put together quickly by a small team is going to be full of vulnerabilities until it gets battle tested and security checked.