And that's the problem with everything cryptography: It's hard to think outside of the box and only making it secure against attacks oneself can think of is not going to actually make it secure.

That's why security through obscurity doesn't work and the advice is always to use a peer reviewed, battle tested public implementation and algorithm. If enough eyes look on it, chances are high it won't blow up immediately. Or put differently: Let other looks at your implementation and let them try to break it.