So, how and why? Just because you can generate in an offline computer it doesn't mean it's secure.
Then what is 'secure'?
AFIAK cold storage is the best option and is very secure. Cold storage is done in an offline computer, does that mean it isn't secure? 
You didn't understood correctly what secure is. If your peovate key is never exposed to internet, how can anyone steal the private key? Reused R values are a problem but it is different matter. Please understand what it is, what you are hoing to tell and then post the correct one.
-MZ
The issue is if the keys in question are generated without sufficient randomness a hacker can find a way to discover these keys, even if it was generated offline. The claim here is because these JavaScript generators don't have the sufficient randomness. If they really have sufficient randomness, please explain how this is achieved or post some material proving this.
Edit: from the advertising space:
Quote
Be very wary of relying on JavaScript for security on sites such as blockchain.info and brainwallet.org. The site can change the JavaScript at any time unless you take unusual precautions, and browsers are not generally known for their airtight security.