Just because a cryptographic protocol is secure doesn't mean a given implementation of it is secure.

Just because an implementation of a cryptographic protocol is secure doesn't mean the way its users use it is secure.