Ugh, I just remembered that I need to patch Net::Random's docs to include dire warnings about using it for cryptographic or authentication applications, like I promised on the perl-crypto list. Hopefully by writing about it here it'll stick in my brane until I get home this evening :-)
The reason is that the random data comes from a third party and transits untrusted networks without being protected by (eg) SSL. I'm quite confident that the data is indeed random and so suitable for use in such applications. But there's no guarantee that someone else hasn't retained a copy of the data. Which makes using it a potential risk.
That's not to say that you shouldn't use the data like that. You just need to be aware of the risk so you can do your own risk analysis.
It could also do with some better tests. I don't need to test that the data is random (you just have to trust the third party data sources) but I do need to test that I'm not introducing bias in my data-munging. I'm pretty damned confident that I'm not, but it should be tested anyway.
