Perhaps I misunderstood but ...
Some of the discussion concerns feasibility of governments, commerce, etc., creating in-house encryption technology rather than reliance upon external suppliers. I grasp how such reliance may have been necessary for all but very big players during the early Cold War period but not in its latter days nor now.
Enigma machines were mechanical and, presumably, later variations on the theme were electromechanical. Given expected large traffic flow, pre-WW2 encryption/decryption using cypher clerks with pencil and paper became impracticable, so mechanical aids were introduced. Design and manufacture was both a highly skilled task and very expensive. Recipients of these devices would indeed be unwise to attempt their own modifications to the mechanism, there being risk of a botched job increasing vulnerability rather than improving security.
Gradual post-WW2 introduction of digital computers could not at its early stages easily benefit people engaged in encrypted/obfuscated communication. National agencies in some NATO countries and in the USSR immediately latched onto the new technology as aid to breaking encryption but rarely could deploy it to enhance encryption when messages were transmitted between local 'head office' and remote outposts; early digital computers were expensive, took up a lot of space, were temperamental, and required dedicated technicians to keep them operating: hardly things to be installed in the average embassy and consulate. Similarly, for military communication it may have been feasible to house digital computers on aircraft carriers for secure communication with base but not on aircraft, submarines, or with mobile ground forces.
Only upon advent of minicomputers and especially of what now are known as desktop devices could centres communicate at higher levels of security with peripheries, and could outstations thus communicate amongst themselves.
Software mediated encryption/decoding changed the game utterly. It cannot have been widespread much before the 80's and soon thereafter it became common in commercial settings and eventually for individual users. As someone here mentioned, home-brew encryption algorithms are fraught with dangers unless devised, and evaluated, by highly skilled and experienced people. However, there is little need for this other than in centres like the NSA, GHQ, and equivalents elsewhere. Open source algorithms, most scrutinised by many people outside state agencies, have been available for three decades and more. None such can be declared free of vulnerabilities, these either intrinsic or arising from a range of code-breaking techniques some of which are brute force and others more subtle; as supercomputer technology advances and becomes more cheaply available then so must feasibility of even brute force methods.
Yet, that's not the point. Nobody, professional or amateur, need fiddle with extant algorithms or attempt to make new ones in a hurry. A set of algorithms can easily be assembled to sequentially encrypt/decrypt. Indeed, this nowadays is commonly done. For very secure communication among designated individuals the chosen algorithms and their order of use can be kept private. For general use, openly published combinations offer considerable resistance to brute force attack. Nowadays simple 'consumer' devices are capable of immensely complicated computation with multiple algorithms.
One assumes agencies intent on decrypting private communications (military, diplomatic, commercial, personal, and criminal) have developed elaborate automated means for digging into encrypted communications to gain insight into the techniques used and to best target known means of attack. However, even these tools can be stymied, as we shall see, by very simple means when communication is between designated persons/agencies (e.g. embassies) each in possession of the master template.
What fool would these days use letter substitution? A non-fool might incorporate this obfuscation technique in his sequence of algorithms. What's more letter mappings could be triggered to differ according to some simple circumstance dictated by the message sender and known to the recipient. Incorporating naive obfuscation methods, of which there are many, into sequential encryption makes more difficult the task of code-breakers imagining their opponents to be highly technologically orientated. Another, rather better, simple minded approach entails taking the entire message as a sequence of binary digits and then interleaving the digits according to specified (changeable between messages) rules. Even should the attacker be able to break complicated individual algorithms by subtle means he is obliged to consider need for brute force at unspecified stages in the decryption process; the longer the message (perhaps padded) the greater the force needed. The upshot being of simple obfuscation, not necessarily resource intensive, adding confusion to the mix.