In short, if you are talking about the security of encryption, you should also be talking about key management. Or maybe especially so. Therefore, a well-known saying (at least among security experts) is, "Hackers don't break encryption, they find your keys." We need to worry less about breaking the algorithm and focus more on handling keys. Key management is an integral part of the whole of encryption. You cannot say that you are not weakening the encryption (for example, because you are not modifying the underlying algorithm) if at the same time you are tinkering with the key management or configuration.