Re: Strong crypto is not a magic bullet
It usually depends on how secure do you want your stuff. People or organizations that are really, really security-oriented or need to have something hard to break should get an HSM (Hardware Security Module) and use that to encrypt everything. Why? Because an HSM is FIPS 140-2 certified, tamperproof, and will keep the crypto keys in such a way they can't be extracted out of said HSM.
Of course, even then if security isn't hardened around the servers that have direct HSM access you can still end up getting everything compromised (mostly if you don't enforce Level 3 compliance, anyone can use said HSM and thus decrypt stuff without getting asked for password/token validation). But well, it can be done.