• On a separate note, there is a significant desire among the non-security development community to either write their own algorithm, or to "tweak" an existing algorithm. Both of these are very scary prospects.

    The best I think we can do to educate developers is to show them what has happened in the various encryption and hashing competitions worldwide. In the U.S., at least, we can see from the AES competition,

    http://csrc.nist.gov/archive/aes/round1/r1report.htm even in Round 1, of the algorithms submitted for consideration, there were at least 5 reported major attacks, of which NIST confirmed 3 (and eliminated all 5) - of interest is that these were also 5 of the slowest algorithms. There were also 5 "lesser" attacks, and all five of those algorithms were eliminated for a combination of that and other reasons. Presumably professional cryptographers submitted these... and none were good enough for consideration in Round 2. This shows that writing your own algorithm is unwise.

    Note also that there are very subtle tweaks to some of the ciphers even in the Round 1 analysis, and that's common in these competitions, from changing subkey generation mode to tweaking S-box values. This shows, first and foremost, that even the slightest changes can adversely affect the security of any standard algorithm, and thus, tweaking encryption or hash algorithms is unwise.
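To put a number on the "tweaking S-box values" point above, here is an added example (not part of the post) that regenerates the AES S-box from its published definition and scores it with two standard design metrics, differential uniformity (lower is better; AES scores 4) and nonlinearity (higher is better; AES scores 112), plus a fixed-point count. It then scores two hypothetical "tweaks" constructed here for comparison: dropping the 0x63 constant, which keeps both headline metrics intact but reintroduces the fixed point the designers deliberately removed, and replacing the box with a purely affine map, which collapses both metrics entirely. The metric functions are generic, so the same code scores any 8-bit S-box you feed it.

```python
# Added example: what a "small tweak" does to an S-box, measured with the
# standard differential-uniformity and nonlinearity metrics. The AES S-box is
# regenerated from its definition; the tweaked boxes are hypothetical.

def gf_mul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1 (0x11B)."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def gf_inv(a):
    """Multiplicative inverse as a^254 (0 maps to 0, as AES specifies)."""
    r, e = 1, 254
    while e:
        if e & 1:
            r = gf_mul(r, a)
        a = gf_mul(a, a)
        e >>= 1
    return r


def aes_sbox(add_constant=True):
    """AES S-box: GF(2^8) inverse, then the affine rotate-and-XOR layer, then 0x63.
    add_constant=False is the hypothetical tweak that omits the 0x63 constant."""
    box = []
    for x in range(256):
        b = gf_inv(x)
        s = b
        for i in range(1, 5):  # s = b ^ rotl(b,1) ^ rotl(b,2) ^ rotl(b,3) ^ rotl(b,4)
            s ^= ((b << i) | (b >> (8 - i))) & 0xFF
        box.append(s ^ (0x63 if add_constant else 0))
    return box


def affine_only_sbox():
    """Hypothetical tweak: keep only the XOR-with-constant step, drop the inverse."""
    return [x ^ 0x63 for x in range(256)]


def differential_uniformity(sbox):
    """Largest number of inputs x for which S(x) ^ S(x ^ dx) == dy, over all dx != 0."""
    worst = 0
    for dx in range(1, 256):
        counts = [0] * 256
        for x in range(256):
            counts[sbox[x] ^ sbox[x ^ dx]] += 1
        worst = max(worst, max(counts))
    return worst


def nonlinearity(sbox):
    """Minimum Hamming distance of any component function b.S(x) to all affine
    functions, via a fast Walsh-Hadamard transform per output mask b."""
    largest_walsh = 0
    for b in range(1, 256):
        f = [1 - 2 * (bin(b & sbox[x]).count("1") & 1) for x in range(256)]
        h = 1
        while h < 256:
            for i in range(0, 256, 2 * h):
                for j in range(i, i + h):
                    u, v = f[j], f[j + h]
                    f[j], f[j + h] = u + v, u - v
            h *= 2
        largest_walsh = max(largest_walsh, max(abs(w) for w in f))
    return 128 - largest_walsh // 2


def evaluate(sbox):
    """Score an 8-bit S-box: permutation?, fixed points, and the two attack-resistance metrics."""
    return {
        "permutation": sorted(sbox) == list(range(256)),
        "fixed_points": sum(1 for x in range(256) if sbox[x] == x),
        "differential_uniformity": differential_uniformity(sbox),
        "nonlinearity": nonlinearity(sbox),
    }


if __name__ == "__main__":
    for name, box in [("AES S-box", aes_sbox()),
                      ("tweak: no 0x63 constant", aes_sbox(add_constant=False)),
                      ("tweak: affine only", affine_only_sbox())]:
        print(f"{name:28s} {evaluate(box)}")
```

Differential uniformity is what a differential cryptanalyst reads off the box, nonlinearity is what a linear cryptanalyst reads off it; the affine tweak scores the worst possible value on both, and the constant-free tweak shows that a change can pass both headline metrics and still violate a property (no fixed points) that the designers chose on purpose.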