"RSA has been done wrong"? I see no mention of RSA in the above paragraph
that you quoted.

That's the point. The literature has several examples of RSA being
done wrong, just as with ElGamal signatures. Yet you don't argue that
RSA should be removed from OpenPGP.