Just having a library that does something doesn't magically bring security. The issue is, engineer still needs to know a lot of stuff (or strictly conform to the instructions) to use the thing correctly. There are too many ways to screw the thing up without even knowing it.
So, if the thing's to slap some nice GUI upon an existing library that implements the security bits, then almost no knowledge's required. But if one has a library full of primitives but still has to combine them in a meaningful way - it's a damned minefield.
So, if the thing's to slap some nice GUI upon an existing library that implements the security bits, then almost no knowledge's required. But if one has a library full of primitives but still has to combine them in a meaningful way - it's a damned minefield.