Math.random() is not intended to be a _good_ source of random -- it's essentially expected to be on par with C's rand(), although IIRC most implementations are better.

There are APIs for cryptographically secure random numbers, but Math.random() is not it.
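
As an added example (not part of the comment above): one way to draw security-sensitive values from the Web Crypto API's `crypto.getRandomValues()` instead of `Math.random()`, using rejection sampling so the result is not skewed by modulo bias. The helper names `secureRandomInt` and `secureToken` and the alphabet are assumptions made for this illustration.

```javascript
// Added example: Web Crypto CSPRNG (browsers and Node.js).
// Falls back to node:crypto's webcrypto on older Node.js CommonJS runtimes.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

const TWO_32 = 0x100000000; // number of distinct Uint32 values

// Uniform integer in [0, max), for 1 <= max <= 2^32.
function secureRandomInt(max) {
  if (!Number.isInteger(max) || max < 1 || max > TWO_32) {
    throw new RangeError('max must be an integer in [1, 2^32]');
  }
  // Largest multiple of max that fits in 32 bits. Draws at or above it
  // are rejected; otherwise "x % max" would favour the low residues.
  const limit = Math.floor(TWO_32 / max) * max;
  const buf = new Uint32Array(1);
  let x;
  do {
    webcrypto.getRandomValues(buf); // fills buf from the OS CSPRNG
    x = buf[0];
  } while (x >= limit);
  return x % max;
}

// Hypothetical alphabet for this example (62 symbols).
const ALPHABET =
  'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';

// Random string for session ids, reset tokens and similar secrets.
function secureToken(length, alphabet = ALPHABET) {
  if (!Number.isInteger(length) || length < 0) {
    throw new RangeError('length must be a non-negative integer');
  }
  let out = '';
  for (let i = 0; i < length; i++) {
    out += alphabet[secureRandomInt(alphabet.length)];
  }
  return out;
}
```

With the 62-symbol alphabet each character carries about 5.95 bits, so a 22-character token holds roughly 131 bits of entropy.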