No, that's not what he's saying. He's saying that making the TLS CBC constructions secure is hard. They were designed in the 1990s. Making a CBC implementation secure today is much easier.

Indeed, just about every brand of SSL load balancer was doing it wrong:

https://www.imperialviolet.org/2014/12/08/poodleagain.html