It’s a “tool for the job” game. I don’t trust a junior developer to write a login system. I’ve found security flaws in login systems written by senior developers who “know what they’re doing TM”. Unless I’m the expert in a given domain, it’s better to trust something written by those experts.

For the record (since it’s fixed anyway), I discovered a common login timing vulnerability on one of our production systems that had been in place for nearly 15 years. Luckily we didn’t have enough traffic for anyone to notice it before me.