The advantage of open protocols, like for example TLS, is that they have withstood the test of hackers and cryptographers trying to break them for years. This does not mean they won't get broken, but it is much easier to estimate a time frame for them to be broken. For example, I wouldn't use SHA-1 and especially MD5 for an application that had to be secure for five years, but I wouldn't be as worried about using AES in a similar application, because I can look up all known attacks against that algorithm, or ask someone in the field.
A closed protocol could be broken in minutes once a determined expert starts researching it. It may have taken years from the day that RFID tag was introduced to the moment it was hacked, but how much time did the researcher spend? How does this compare to the time you would need to invest to find a flaw in, say, TLS, even if you were determined? The good thing about crypto is that the US government uses it a lot, so if the NSA was aware of an attack on AES, for example, then they would certainly push for new encryption standards. Or try to fix it, like in the DES S-box case.
You bring up a good point about the limited time that something is secure. I think a few years ago is a bit pessimistic; MD5 was certainly superseded by SHA-1 at least ten years ago. So choosing the best algorithm available in 2000 would probably have given you SHA-1, something that you wouldn't use in new designs today, but it is still usable for many applications. 3DES encryption, which has also been around for 10+ years, is still acceptable today, although you would use AES for new implementations. In general I would plan for any secure system to receive updates, however, either because of flaws in the cryptography, flaws in the implementation, or design flaws. Preferably updates via the internet with a default admin password.