by Test0129
1399 days ago
There's no hard, fast rule for when a weak PRNG is bad except in the obvious use cases - salts, etc. There's no reason you can't use a weak random number generator for generating a password. It only becomes a problem when you have a bunch of passwords, stored in the same place, generated with a weak PRNG, AND the adversary knows the PRNG and how they were generated. It really comes down to threat surface and likelihood of attack. CSPRNGs are cheap enough to run that you can just use one all the time these days with no loss. The problem is the esoteric math they rely on means that you're giving up some control of your threat surface (unless you understand cryptanalysis with modern crypto). So generally, you can just always use a CSPRNG due to cheap execution time, with the understanding you then become vulnerable to attacks like the ECC attack where adversarial mathematicians know more than you about your own security.
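The condition named in the comment above (a store of passwords from a weak PRNG whose algorithm and seeding are known) can be checked against your own credential store; the following is an added example, not part of the original comment. It assumes Python's `random` (Mersenne Twister) as the weak generator and Unix-time seeding; the function names, alphabet, base timestamp and sample store are all constructed for illustration.

```python
import random
import secrets
import string

ALPHABET = string.ascii_letters + string.digits


def weak_password(seed, length=16):
    """Password from a non-cryptographic PRNG seeded with a guessable value."""
    rng = random.Random(seed)  # Mersenne Twister: output is a pure function of the seed
    return "".join(rng.choice(ALPHABET) for _ in range(length))


def strong_password(length=16):
    """Password drawn from the OS CSPRNG; there is no seed to enumerate."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def audit_seed_window(stored, start, end):
    """Return {password: seed} for every stored password that can be
    regenerated from a seed in [start, end), i.e. whose effective strength
    is the size of the seed window rather than 62**16."""
    wanted = set(stored)
    reproducible = {}
    for seed in range(start, end):
        candidate = weak_password(seed)
        if candidate in wanted:
            reproducible[candidate] = seed
    return reproducible


# Constructed sample: three passwords seeded with timestamps inside one hour,
# plus one generated with the CSPRNG, all kept in the same store.
BASE = 1_700_000_000  # constructed timestamp, start of the audited hour
OFFSETS = (12, 340, 3599)
STORE = [weak_password(BASE + off) for off in OFFSETS] + [strong_password()]


def run_audit():
    """Audit the sample store over the one-hour seed window."""
    return audit_seed_window(STORE, BASE, BASE + 3600)


if __name__ == "__main__":
    hits = run_audit()
    for pw in STORE:
        status = f"reproducible from seed {hits[pw]}" if pw in hits else "not reproducible"
        print(f"{pw}: {status}")
```

Only 3,600 candidates are needed to cover the three time-seeded entries, while the `secrets` entry is untouched by the same sweep.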