[raverbashing]

Of course. But there are a lot of needs for random numbers that don't need the random numbers to be secure.

[dlitz]

Most developers don't know how to make that distinction, and even savvy ones know better than to take the risk of being wrong.

It's 2014. There are well-funded governments and organized crime attacking our systems. If downstream developers still have to ask the question, "what kind of random numbers does this API provide?", then it's a bug in the platform.

[azinman2]

In which case rand and the like really should be renamed unsecure_random to prevent confusion.

[raverbashing]

Fine by me