Comment 17 for bug 1179380

Yeah, that commit's wrong, unless they're assuming KRandom is a secure PRNG, in which case we should assign another CVE and I'll write a patch for that.