If you look at the code on github he doesn't appear to have implemented the algos from scratch, rather he reused public domain code. It's still very much possible to make a mistake while wiring it all together though, especially in C.
EDIT: actually the curve25519-donna code is from Google and appears to be BSD-like. The chacha and sha256 implementations are public domain however.
Yeah, what's exactly what I was saying. He's using existing high quality algorithm implementations and integrating them into his new tool. The only custom part is how exactly he uses them in his code.
While it's totally possible to screw that up, it's also not really the majorly discouraged part.
EDIT: actually the curve25519-donna code is from Google and appears to be BSD-like. The chacha and sha256 implementations are public domain however.