I completely agree. Sure, some implementations are flawed, but they can be fixed. All that fear-mongering and fact-distorting just serves to drive people to less secure alternatives. That is by design and I expect that quite a few people posting in this thread here (and in other places) on this subject are actually paid to create a certain atmosphere of fear and uncertainty about tools that are very likely secure or can only be broken by targeted, high-effort attacks.
As to Elliptic Curve Crypto (ECC): Stay away from that like the plague. Maybe, just maybe the DJB curves are secure, but anything the NSA may have gotten its hands on is sure to be compromised, and, by design, you cannot prove that a curve is secure unless you prove it was generated in a way that does not allow a compromise. There is also a highly suspicious trend by VPN vendors to recommend using ECC. That does not make sense at all, unless driven by the NSA. The thing is that ECC is not needed at all. Normal asymmetric crypto is by far fast enough, unless you go to very slow processors, like you have on chip-cards.