RT @yaypie: So, um, it’s bad that Chrome, Safari, and Firefox all allow me to set window.crypto.getRandomValues to my own evil function, right?