Peer review is necessary to assure blunders are not overlooked. However, there has been no demonstration that peer review is all that is needed for the superior protection. This is not an argument for obscurity, only a caution that peer review is not necessarily sufficient. Peers miss stuff too, as amply demonstrated by holes and bad implementations later discovered. Betting your life on peer review, or open disclosure, is probably not very smart. Instead, expect some shrewd peer(s) to see something that will serve a private purpose by keeping quiet. Competition, betrayal, disinfo, venality play a role as well as the search for truth through open discourse. Comsec is a swamp, quicksand, punji trap, and comsec experts are never trustworthy about each other or about systems. The open source methodology, call it snakeoil, works well for the inexpert to gain a limited education, but behind that stage the usual shit goes on. Keeping quiet about crypto cracks, holes, trojans, backdoors, is extremely rewarding. Concealing deep faults with shallow ones is SOP. Note that wide crypto use has become a stimulus to intercept, store forever (NSA policy), crack when possible and to continue trying to crack indefinitely (NSA policy), with successful deep cracks seldom revealed. "NSA policy" is that of deeply embedded contractors and researchers as well. Publicly-available encryption and other currently usable comsec protection are satisfactory for ordinary communications but not for more than that if you are up to extraordinary renditions, say, making a bundle peddling natsec-grade counter-threat assurances. Yep, natsec-grade is what the telecoms and like critical infrastructure dealers claim they are providing. Nothing pays better.