I came across this thing called a nomx.
As to what it is, you may ask "Nomx provides a device that you keep in your home or office for all your communication needs."
A guy named Scott Helme seems to have been doing some punches at it. Which you can read more of here.https://arstechnica.com/information-technology/2017/04/punching-holes-in-nomx-the-worlds-most-secure-communications-protocol/
Examples of the issues.
The code is riddled with bad examples of how to do things, and it seems was developed by one guy called 'shawn' whose name appears throughout. They narrowly avoided one persistent XSS vulnerability by stripping tags; this was followed by the comment / should we even bother?