Definitely another big issue, inherent to cryptography (and maybe matematics in general), is the subtelty of creating the appropriate definitions.

As the post says, they thought about the individual components, but failed (or maybe it is just too difficult) to define the security considering composability of schemes. This is a clear limitation of modern cryptography.

Great post!