And the example above, as ridiculous as it is, is only one level of granularity. How do you define "single-purpose"? Should fetching a URL, performing a TLS handhake, then handling the further symmetric encryption all be handled by the same program, or should that be three separate programs? After all, negotiating the connection is one task, handling the TLS handshake is another, and handling the symmetric encryption is yet another.
>with room for the user to build and add to it.
The most realistic outcome would not be people building a bunch of unique, simple, auditable solutions, but most people building nothing. Most people have neither the interest nor the ability to implement even simple algorithms. Even ostensibly educated computer programmers sometimes fail simple whiteboard interviews where they're asked to implement a simple algorithm in pseudocode.