The package is experimental and is mainly for developers of cryptographic libraries, not for application developers.

Seems to me that any application that accepts password input should be doing this. I wish more languages offered a reliable way to do it.