I will argue that 256 coin flips from random.org is the best random number possibility available. And assuming that you push the results through an offline computer using brainwallet offline, you will have a VERY SAFE, VERY RANDOM private key.
LOL. A "VERY SAFE" number which is trivially known to a third party. Is someone at "random.org" paying you to encourage people to have them generate their private keys, or did you come by this cluelessness naturally?
I haven't looked recently but last I checked random.org methods were secret and not peer reviewed. So not only may the results be trivially maliciously logged (by the site operators or anyone whos compromised their system; or the operators of the VPSes they use (rackspace cloud)), they're probably more likely to be accidentally flawed because their methods are not reviewed.
A. Attacking an idea or postulate is a great thing. Attacking a person and calling them "clueless" is
ad hominem and is below your status as a moderator of this board.
B. Random.org is peer reviewed here
https://www.random.org/media As well as tested by third party orgs like
http://www.ecogra.org/ Their methods are not secret but they are not public either.
C. So lets examine your logic: Since random.org (peer reviewed, certified and in business since 1998) creates a buffer in advance full of billions of ones and zeroes and since it uses https, someone could log the front end usage of these ones and zeros after they leave the buffer and before they hit the https (side note on magnitude: these ones and zeroes from the buffer are used for ALOT of different applications on the site other than coin flips), track the usage by ip, collect and then echo the data once an ip pulls precisely 256 bits of data, run the bits through a key generator, (also try various combinations of the 256bit sequence like only look at the last 256 bits, since the first x bits could have been a test), create a database to collect all of these new bitcoin address and repeatedly query the entire blockchain to see if any of the addresses are extant. If any one address is extant and holds bitcoins, import the corresponding key into a wallet and steal the bitcoins. OK... I will concede. This may be possible. Its not likely considering the high level access, the subterfuge necessary, and the high number of bitcoin addresses to generate & query; not probable, but maybe possible.
So to test your theory I am going to publish a bitcoin address that I created using random.org, leave some BTC there and see if they evaporate. If they magically walk away, then we will know that someone at random.org is malicious. If nothing happens, then Im going to stick with my "SAFE" comment. I will however add a note of caution to the thread warning people that 1) They could get struck by lightning today 2) Earth could get destroyed by a meteor in the next 5 minutes AND 3) Somebody at random.org might guess your intent out of the millions of possible intents by those who use this service, parse through the data looking for precisely 256 bits of interesting target data turn them into a bitcoin key and steal your BTC.
Dear Mythical Hacker at Random.Org: I created this address with the coin flip service on 02/07/2015. I flipped 8 coins at once using Polish Zloties. I pulled precisely 256 bits of data from the buffer to make it easy on you. Please steal my bitcoins.
Here is the address: 1DcS5pEgjnLGJ43h7znVxdcxMfx6pfaZvA