One could argue that effectively centralizing the security in a single protocol may make it more vulnerable to exploit compared to the random/heterogeneous 2nd party solutions.

Yes that is the debate focus point between layer 1 anonymity and layer 2 anonymity.

Since TCP/IP is very hard to change, if a major vulnerablity would have been found since it's implementation like MD5 which was a standard hashing algo back then turns out to be rubbish by now.

That would have been a crucial failure if we'd have to swap the entire internet right now.

However if there is no anonymity by default then you always go back into the hamster on a wheel problem.

Most people are ignorant, they don't know why privacy is good for them, and they can't possibly concieve how the lack of privacy will come back to them in forms of identity theft, real theft, and other kinds of bad things that come from knowing too much about somebody.

So the debate is between security vs privacy.

You either have something very simple as core layer with no privacy, just basic stuff to keep it simple and secure.

Or you have full privacy built in it, and then you risk the algorithms becoming weak later once some flaw is discovered.

This is the debate between BTC and Monero as well. I'd personally like the Monero concept better, if enough research would go into making sure the enryption is solid and flaweless.