<tin foil hat>
Is it plausible that the NSA chose to leak enough "hints" that lead to apparently-independent discovery of things like BEAST and M-t-E, making reverting to older and known-broken cyphers like RC4 seem to be "the correct pragmatic decision" (quite possibly seeding those discussions with ideas that lead even completely innocent open source developers to choose and justify why they've just baked crypto that's completely vulnerable to un(publicly)known NSA exploits)?
(It's a little hard these days to know what's a "paranoid fantasy", what's an "interesting cypherpunk plot", and what's "a realistic and/or confirmed NSA threat" - at least for me…)
If by "leaking hints" you mean "screaming at the top of their lungs in public protocol design discussions not to do it this way until they got sick of being nibbled to death by committees of ducks and gave up" you might be interested in looking into the papers of one Ex-NSA P. Rogaway.
(It's a little hard these days to know what's a "paranoid fantasy", what's an "interesting cypherpunk plot", and what's "a realistic and/or confirmed NSA threat" - at least for me…)