
There's the problem with keystream reuse, yes, and also the problem shared to some degree by CBC and OFB (but not ECB) that's at its worst in CTR — that you can flip single bits in the plaintext by flipping arbitrary bits in the ciphertext. (But of course that's why you use a correctly-implemented MAC, right?)

I concur with you that new cryptographic protocols are likely to be flawed, and your recent blog post on that subject was excellent reading.


