by sarciszewski 4355 days ago
This is the offending code: https://github.com/bmmayer/ephchat/blob/ec375c7974ea825f887f...

This is the proper way to do it (h/t @tptacek): http://sockpuppet.org/blog/2014/02/25/safely-generate-random...

mt_srand() + rand() is just hilarious. The md5(uniqid()) thing is a common randomness anti-pattern in PHP projects that needs to die in a fire.

In PHP, a very brief example of the code to achieve the proper way of generating randomness looks like the snippet I posted in the issue.
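
Added example, not part of the original comment and not the snippet from the linked issue: the two anti-patterns named above next to a token drawn from the operating system CSPRNG. All function names are hypothetical, `random_bytes()` assumes PHP 7 or later, and the seeded case uses `mt_rand()` so it behaves the same on every PHP version.

```php
<?php
declare(strict_types=1);

// Anti-pattern: uniqid() is only the current time printed as hex
// (8 hex digits of seconds followed by 5 hex digits of microseconds).
// Hashing it with md5() changes the encoding, not the amount of entropy.
function weak_token(): string
{
    return md5(uniqid());
}

// Decode a prefix-less uniqid() string back into the timestamp it encodes.
function uniqid_to_time(string $id): float
{
    $sec  = hexdec(substr($id, 0, 8));
    $usec = hexdec(substr($id, 8, 5));
    return $sec + $usec / 1e6;
}

// Anti-pattern: a seeded Mersenne Twister replays the same stream for
// anyone who knows or can guess the seed.
function seeded_sequence(int $seed, int $n): array
{
    mt_srand($seed);
    $out = [];
    for ($i = 0; $i < $n; $i++) {
        $out[] = mt_rand();
    }
    return $out;
}

// Hardened: take the bytes from the operating system CSPRNG.
function strong_token(int $bytes = 32): string
{
    return bin2hex(random_bytes($bytes));
}

$id = uniqid();
printf("uniqid %s decodes to %.6f (clock now: %.6f)\n",
    $id, uniqid_to_time($id), microtime(true));
printf("weak token (md5 of a timestamp): %s\n", weak_token());
printf("same seed, same stream: %s\n",
    seeded_sequence(1234, 3) === seeded_sequence(1234, 3) ? 'yes' : 'no');
printf("strong token: %s\n", strong_token());
```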