TFA is correct that simply thinking that, because there is a zillion-bit crypto algorithm thrown into the communication stream, that everything is good and security is guaranteed. There are many, many attack channels that do not involve brute-forcing the crypto. Keyloggers, for example.
But this is silly:
Back in the 1980s and 1990s, a group of encryption mavens known as cypherpunks sought to protect individual privacy by making "strong" encryption available to everyone. To this end they successfully spread their tools far and wide such that there were those in the cypherpunk crowd who declared victory. Thanks to Edward Snowden, we know how this story actually turned out. The NSA embarked on a clandestine, industry-spanning, program of mass subversion that weakened protocols and inserted covert backdoors into a myriad of products.
In actuality, the crypto implementations promoted by cypherpunks were exactly those that made it difficult or impossible for such a program of mass subversion to take place. Remember that the height of the cypherpunk movement was when the Clinton administration was pushing hard, really hard, for the NSA-sponsored Clipper Chip, which was, in a nutshell, crypto subverted by design and mandated by law. We now know that when the spooks found that was politically impossible, they went ahead and did it anyway, in secret. But the cypherpunk tools, most notably PGP (and later GPG, when PGP sold out and went corporate). Hell, even look at /dev/random: when it was revealed that the NSA had actually, and pretty amazingly, undermined hardware random number generators on widely available chips, /dev/random was still just fine, because it treats all sources of entropy as potentially untrustworthy, including the chip.
The first lesson we should learn from the history of the cypherpunks is that trusting your crypto to a closed product is always, always a bad idea. That was the lesson then, and it is still the lesson now.
The second lesson is that crypto, like any security, is all about the threat model. In that light, should we reject the widespread adoption of end-to-end crypto in commercial products? Of course not. If Apple and Google implement crypto by default, it will make efforts to dragnet information exponentially harder, even if the crypto is imperfect. This is why the spooks are beating the drum against it: it closes off that one particular threat model, which they have come to rely on. It doesn't close off other kinds of attack, but so what?
The third lesson is that crypto, by itself, is not a panacea. Nobody ever said it was. The cypherpunk message was not that we can write PGP, declare victory, and walk away. The message was that privacy changes the relationship between the citizen and the state in beneficial ways, and that, in a technological society, we need to embrace technological means of increasing our privacy, in ways that cannot be controlled by the state.