Comment by graemep

7 hours ago

The article is about desktop software. If it does not accept network connections, what is the risk? If it needs to do so, you can restrict it to your LAN or a VPN, or access it over an ssh tunnel. If it replaces something you use over the public internet (e.g. SaaS) it might even be more secure.

Rolling your own might make you more vulnerable to targeted attacks, but less vulnerable to automated attacks looking for known weaknesses. Most people will not publish their code. The article says "It’s not an invitation to use my software. Honestly, please don’t. None of it is built for you."

You can roll your own software and still use libraries for security-sensitive things like encryption.

Even the author of this article (who is taking it much further than most people will) still uses Firefox, Weechat, and X11.