No system is perfect, and options add complexity.
If OAuth 2.0 is so bad, why would big-name players on the web use it?
And if there is a flaw, OAuth 2.1 or OAuth 3.0 would likely fix it.
I think it's a lot riskier to roll your own security than use an established system, especially if you are just starting out.