Hmm, there could be. I definitely agree with the point you're making - I'll need to go back and review the article to see how I can write it differently. I'll try and do that in the next couple of days.

It wasn't intended to be a kind of "don't even think about it" thing, but rather in terms of trying to actually implement underlying security and so forth.

To be fair to cryptographers, it isn't really their responsibility - realistically all you need is an API that interfaces between cryptography code and other code, so usually that's implemented by third parties. I suspect it's said third parties who need to learn how to code, because I certainly know what you mean xD

As it happens, I'm currently figuring out how to implement Twitter's OAuth2 with PKCE auth flow, and half of the documentation is basically just "we'll assume you already know how to do this", as if one is meant to just magically know where specific endpoints are or what specific data one has never seen before looks like.