Of course, I fully agree! My point was just that you can eliminate the risk of poorly implemented cryptography at the endpoints. Obviously there are a thousand and one other ways things could go wrong. But we do the best we can with security.
Anyway, apparently third-party clients are allowed after all? So it's a moot point.
You do if third-party clients aren't possible? You have control over what client the receiving end is using.
But apparently third-party clients are possible, so it's moot.