The idea that Rebol would have its own usermode TLS code is a bit strange--it's something I thought was kind of an unusual investment of effort when I first saw it.
But it is also a bit interesting, in that it means there's an opportunity for people to have a somewhat readable and more "executable spec" version of what's going on to dig into. Not all cryptographic code is very accessible.
Having your own code means having your own vulnerabilities, bugs, and being behind the curve. So decisions need to be made about things like the TLS code...is it something that can be invested in, enhanced, and used as a showpiece of Rebol prowess? Or is it best thought of as some code that has been around and helped serve as a test case and lesson?
Yet if every time a problem comes up with a piece of Rebol code, if it's easier to replace it with some commodity component than to fix the Rebol solution and keep it small and high-leverage--then the project is probably a failed idea. So that can't be the answer to every issue.