by rsc
771 days ago
math/rand is not the speed bottleneck for just about anything, but it _is_ a security weak point in many systems, including systems where you wouldn't at first think there was a security aspect. It makes sense to improve the security at the cost of a (tiny) bit of speed. Code that needs speed can still use rand.NewPCG of course. As for why have two, for key generation the OS kernel (what crypto/rand provides access to) can take care of more sophisticated problems like suspend-resume state forking attacks and the like, so you are still better off in the limit using crypto/rand for key generation. But if you accidentally use math/rand, it's no longer as big a problem.
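The split the comment describes, as an added example that is not part of the comment or of the Go project's code: an explicitly seeded `rand.NewPCG` stream is fast but fully reproducible from its seeds, while key material is read from `crypto/rand`. The function names `pcgToken` and `secretToken` and the seed values are hypothetical, and the code assumes Go 1.22 or later for `math/rand/v2`.

```go
package main

import (
	crand "crypto/rand"
	"encoding/hex"
	"fmt"
	mrand "math/rand/v2"
)

// pcgToken (hypothetical helper) fills 16 bytes from an explicitly seeded
// PCG generator. Anyone who learns or guesses (seed1, seed2) can recompute
// the exact same bytes, so this is suitable for simulation or sampling only.
func pcgToken(seed1, seed2 uint64) string {
	r := mrand.New(mrand.NewPCG(seed1, seed2))
	b := make([]byte, 16)
	for i := range b {
		b[i] = byte(r.UintN(256))
	}
	return hex.EncodeToString(b)
}

// secretToken (hypothetical helper) reads 16 bytes from the OS kernel
// generator through crypto/rand, the source to use for keys and tokens.
func secretToken() (string, error) {
	b := make([]byte, 16)
	if _, err := crand.Read(b); err != nil {
		return "", err
	}
	return hex.EncodeToString(b), nil
}

func main() {
	// Constructed seeds standing in for guessable values such as a
	// start time and a process ID.
	const seed1, seed2 = 1700000000, 4242

	fmt.Println("PCG run 1:  ", pcgToken(seed1, seed2))
	fmt.Println("PCG run 2:  ", pcgToken(seed1, seed2)) // identical to run 1

	tok, err := secretToken()
	if err != nil {
		fmt.Println("crypto/rand failed:", err)
		return
	}
	fmt.Println("crypto/rand:", tok) // different on every run
}
```
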