Hacker News

"It's nuanced and detail-oriented" would be my answer. I'm not a cryptographer, but in my dealings and exploration I've found lots of issues that just aren't obvious, e.g. timing attacks and length extension attacks. There are also many things that are obvious but require care to do, e.g. single-use nonces and authentication.

A mistake in crypto can invalidate your entire system, not just make it unreliable or crash, and those mistakes don't have to be something obvious; there are many insidious little things that can happen as well. That's my take on it.

That said, I believe that software engineers should learn basic crypto and fiddle around with their own ideas, _with the understanding that there is always someone smarter than them_ in order to understand some of the problems they'll be facing.


