His article specifically mentions that the threat is with the public key exchange, not the encryption that happens after the key exchange.