This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 20669 - Multiple examples use known-insecure PKCS#1 v1.5 encryption
Summary: Multiple examples use known-insecure PKCS#1 v1.5 encryption
Status: RESOLVED FIXED
Alias: None
Product: Web Cryptography
Classification: Unclassified
Component: Web Cryptography Use-cases Document (show other bugs)
Version: unspecified
Hardware: All All
: P2 major
Target Milestone: ---
Assignee: Harry Halpin
 
Reported: 2013-01-15 04:16 UTC by Tony Arcieri
Modified: 2013-01-24 18:05 UTC (History)




Description Tony Arcieri 2013-01-15 04:16:32 UTC
Two examples in the use-cases document (in section 3.1 "Banking Transactions") reference PKCS#1 v1.5 encryption, which is known not to be IND-CCA2 secure. PKCS#1 v1.5 has been known to be vulnerable to adaptive chosen-ciphertext attacks (e.g. the "million message" attack) since as early as 1998.

Section 3.1 demonstrates an integration with a hypothetical "Gangnam Bank" which, we are left to guess, is still using, due to legacy reasons, encryption that has been known to be insecure for 15 years. The following paper from 2012 demonstrates a newer, more practical attack and sheds some light on why banks would continue to use such insecure encryption, and also why such reasoning is obsolete:

http://csf2012.seas.harvard.edu/5min_abstracts/MillionMessageAttack.pdf

"We hypothesise that the reason manufacturers have not upgraded is that the best known attack on RSA PKCS#1v1.5, due to Bleichenbacher, is known as the 'million message attack', and is therefore not thought to represent a practical threat.

In order to accelerate the update of IND-CCA2 schemes, we have developed a new version of the Bleichenbacher attack that requires a median of only 15000 messages for a 1024 bit modulus. This makes it a highly practical threat."

While the goal of this section is to demonstrate integration with a bank, which we can on one hand envision as saddled with legacy requirements for using insecure encryption, the use-cases document itself is not saddled with such legacy requirements. Perhaps we can envision "Gangnam Bank" as a forward-thinking bank which has upgraded its encryption some time in the past 15 years and is now using an IND-CCA2 secure encryption scheme.

I think everyone would be better served by such an example as opposed to one which is known to be insecure.
Comment 1 Tony Arcieri 2013-01-24 18:05:48 UTC
Hmmm, it would appear you're demonstrating digital signatures and not encryption, so my point is moot. Mea culpa.