EDIT: Had a chance to look through it now, looks like they addressed all the concerns back by 2015
i.e.
1. Replacing the custom crypto code with more standard libraries (looks like they settled on NACL/libsodium's implementations).
2. Switched to AES-GCM and then later ChaChaPoly
3. Fixed up the tor protocol issues too.
Probably more but there's a lot going on.
EDIT: Had a chance to look through it now, looks like they addressed all the concerns back by 2015
i.e.
1. Replacing the custom crypto code with more standard libraries (looks like they settled on NACL/libsodium's implementations).
2. Switched to AES-GCM and then later ChaChaPoly
3. Fixed up the tor protocol issues too.
Probably more but there's a lot going on.