Board: Development & Technical Discussion
Re: crypto software - writing the grotty bits.
by azeteki on 03/12/2014, 16:58:24 UTC
I have nothing to add here as someone who has (at best) a novice level of C/C++ knowledge.
But I want to thank you both for adding to that.
These are the issues that everyone should have on their minds when writing sensitive crypto code.

As Gavin says in a roundabout way, we can only do our best with the time we are given, but we do have a responsibility here.

I'm sure I'm not the only one that sometimes wonders how software manages to function at all. It often feels as if there are thousands of potential entry vectors on my machine and just one is enough. But that doesn't mean it's not worth trying our best.

edit: Just noticed this gem from gmaxwell's post:
Quote: "It deserves the extra work to make it completely right, and the users who will depend on it deserve it too."

Emphasis on the latter point there, even if none of the technical points sink in.
You're engineering a car. Alice does not necessarily know and cannot be expected to know the potential failure points.