The issue is if the keys in question are generated without sufficient randomness a hacker can find a way to discover these keys, even if it was generated offline.
It is very rare and it happens mostly if you reuse address AFAIK. Bitaddress offers sufficient randomness, you can use alpha-numeric characters, special characters, mouse etc..
The claim here is because these JavaScript generators don't have the sufficient randomness. If they really have sufficient randomness, please explain how this is achieved or post some material proving this.
Not all JS scripts. For randomness, use mouse, keyboard and use special characters. See
https://bitcointalk.org/index.php?topic=43496.msg10322571#msg10322571Edit: from the advertising space:
Be very wary of relying on JavaScript for security on sites such as blockchain.info and brainwallet.org. The site can change the JavaScript at any time unless you take unusual precautions, and browsers are not generally known for their airtight security.
You are misunderstanding it. It is says you should be careful when using JS scripts online and it gave Blockchain.info and Brainwallet.org as examples because it is widely used. Brainwallet.org is mainly used for signing transaction. And it says that the JS script can be changed anytime(mostly by owners/co-owners/contributors) and browsers don't have airtight security as the most of them doesn't wipe caches, app-datas and sometimes it will be there forver and when you connect to interent, it may have a loop hole and you will be in danger. None of them matters when using Bitaddress.org in an offline computer and you can make a full wipe of browser-related files and if are paranoid, you can delete everything related to browser and uninstall it and then install it again(if you want).
-MZ.