Hacker News

It's not clear, even, to what depth this 'best practice' applies. Writing your own crypto primitives is probably a bad idea, but what about combining them? AEAD approaches demonstrate there can be nuance even with battle-tested primitives and how they're combined or used in practice. Oh, but what about key derivation or protecting the keys in general? What good is that library's encrypt method if the DIY key secrecy/rotation/exchange is sloppy?

