Board: Development & Technical Discussion
Topic: Re: Hash based confidential txn chains..
Posted by lottoshares on 23/12/2015, 00:13:03 UTC
How do you propose generating a random number? Unless your computer is hooked up to a hardware random number generator, it could be producing pseudorandom numbers which are unsuitable for sensitive applications like cryptography.
And how do you think generating private keys happens on a computer?

According to Stackexchange Bitcoin core uses RAND_bytes from OpenSSL.

http://bitcoin.stackexchange.com/questions/24722/what-kind-of-random-numbers-source-does-getnewaddress-in-bitcoin-core-api-bitco

Quote
It uses RAND_bytes from OpenSSL. The relevant call is CKey::MakeNewKey.

getnewaddress is in rpcwallet.cpp. It tries to get a key from the pool, and if the pool is empty it allocates a new one which is populated using RAND_bytes.

Quote
As others mentioned Bitcoin core uses OpenSSL random sources.

This means that it uses any random source available, like:

the operating system, i.e. interrupts
random sources of the CPU or the chip set
dedicated hardware for entropy generation
So in order to make sure your hardware random generator works with Bitcoin you must make sure it works with OpenSSL.

RAND_bytes from OpenSSL uses OS-specific calls to various random sources. However, that system can sometimes fail silently, according to some of the Bitcoin Core devs.

https://github.com/bitcoin/bitcoin/pull/5885#issuecomment-78611027


Quote
We've seen operating system RNG's fail silently in really frightening ways several times over the last few years, a belt-and-suspenders approach where silent failure at least gets a best effort bit of entropy-snake-oil (or maybe not so snakeoil: after going and writing a bunch of entropy collecting code I'm more impressed with the performance than I expected) seems to be a clear improvement. OpenSSL's (and libressl's) system entropy randomness generator is also pretty scary (it can fail silently back to snakeoil entropy much weaker than what this code does).

That's why the core devs have been developing their own random number generation system, which is slated to replace OpenSSL RNG use in Core version 0.13.

https://github.com/bitcoin/bitcoin/pull/5885#issuecomment-161609639

Quote
Slated for 0.13 (with the goal of getting rid of OpenSSL dependency by then), opened #7162 to track this

However, the core devs say the weaknesses they identified in OpenSSL RNG do not significantly undermine Bitcoin's security because Bitcoin Core hardens the RNG input with additional timing information.


https://www.reddit.com/r/Bitcoin/comments/3ccb7w/bitcoin_core_uses_rand_bytes_from_openssl_to/csu885c

Quote
There are many theoretical concerns related to OpenSSL's operation as well as Linux's /dev/random (and other operating systems) behavior in general-- and there is a long term project underway to replace it: https://github.com/bitcoin/bitcoin/pull/5885 (and you can see from the comments there, we're well aware of how it works, more so than even the concerns you've expressed here).

That said, these are theoretical weaknesses. In Linux /dev/random and /dev/urandom are the same rng, but /dev/random uses an entropy estimator. The estimator provides basically no value and is often misunderstood. This page has an excellent and correct debunking: http://www.2uo.de/myths-about-urandom/

The "aren't very random" you're quoting is taken out of context-- the context is "The main thing which I am much more worried about is that on various embedded systems, which do not have a fine-grained clock, and which is reading from flash which has a much more deterministic timing for their operations, is that when userspace tries to generate long-term public keys immediately after the machine is taken out of the box and plugged in, that there isn't a sufficient amount of entropy, "--- e.g. context that matter a lot for generating SSH keys, but not so much for Bitcoin.

Beyond the basic operation there, OpenSSL and Bitcoin Core further harden the input with additional timing information.

Finally, the bit of concern you're sowing there doesn't make a relative comparison. It would be no good to chase someone from using Bitcoin Core due to niche and speculative issues to something that was practically less secure.


For simple random number generation as proposed by spartacusrex, I would find a better alternative to an OpenSSL RNG.

There is a thread full of posts by heavyweights discussing the best way to manually generate a truly random private key by repeatedly throwing dice. The reason they generate keys that way is to avoid 100% of all BS regarding computer-generated entropy sources & algorithms.


Anyway, a lot of the heavyweights are in this thread. I would have thought that generating private keys manually might be termed a little extreme.

Depends on your definition of cost-to-benefit ratio:

Cost:  Spending 20 minutes, one time, to create entropy and convert it to a wallet
Benefit: Avoiding 100% of all BS regarding computer-generated entropy sources & algorithms, until the end of time

If you're holding a "lot" of money, some people would rather just remove all doubt.  And the cost of doing so really isn't that high.
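The dice-roll procedure and the belt-and-suspenders entropy mixing discussed above, as an added Python example that is not from this thread or from Bitcoin Core: it turns 100 six-sided dice rolls (about 258 bits) into a secp256k1 private key by hashing them together with OS entropy, so the key stays unpredictable as long as either source is sound. The function names, the SHA-256 mixing step and the constructed sample rolls are assumptions for illustration.

```python
import hashlib
import os
from math import log2

# secp256k1 group order: a valid private key is an integer in [1, N-1].
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
MIN_ROLLS = 100  # 100 * log2(6) ~= 258.5 bits, the smallest count above 256


def dice_entropy_bits(rolls):
    """Entropy contributed by a list of independent fair d6 rolls."""
    return len(rolls) * log2(6)


def mix_entropy(*sources):
    """Belt-and-suspenders mixing: SHA-256 over length-prefixed sources.
    The output is unpredictable if ANY single source is, so a silently
    broken OS RNG cannot weaken the dice entropy, and vice versa."""
    h = hashlib.sha256()
    for s in sources:
        h.update(len(s).to_bytes(4, "big"))  # prefix so sources cannot collide
        h.update(s)
    return h.digest()


def private_key_from_rolls(rolls, os_entropy=None):
    """Derive a secp256k1 private key from dice rolls mixed with OS entropy.
    os_entropy defaults to os.urandom(32); pass fixed bytes only to make
    the result reproducible in tests, never for a real wallet."""
    if any(r not in range(1, 7) for r in rolls):
        raise ValueError("each roll must be an integer 1..6")
    if len(rolls) < MIN_ROLLS:
        raise ValueError(f"need at least {MIN_ROLLS} rolls for 256 bits of entropy")
    if os_entropy is None:
        os_entropy = os.urandom(32)
    dice = bytes(rolls)  # one byte per roll, values 1..6
    # Rejection sampling: rehash with a counter until the candidate is a
    # valid scalar. Rejection is astronomically rare but must be handled.
    counter = 0
    while True:
        candidate = int.from_bytes(
            mix_entropy(dice, os_entropy, counter.to_bytes(4, "big")), "big")
        if 1 <= candidate < N:
            return candidate
        counter += 1


if __name__ == "__main__":
    # Constructed, obviously non-random sample rolls for illustration only.
    sample = [(i % 6) + 1 for i in range(100)]
    print(f"{dice_entropy_bits(sample):.1f} bits of dice entropy")
    print(f"key = {private_key_from_rolls(sample):064x}")
```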