For example, if somebody just create one million private keys and run one million wallet programs at the same time, he would much likely receive some output that paid to one or more private keys (addresses maybe) he generated, and thus steals others' money
I'm not sure what you exactly mean by this. If you are talking about possible collisions, then that is statistically impossible (highly improbable*):
There are 2^160 possible addresses (IIRC), which equals to: ~1,460,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000.
Vanitygen can produce 20 million keypairs per second. Lets say you build a super ASIC on 12nm (4 generations ahead of current tech) process that could create, validate, and steal one trillion keypairs per second (1 TK/s). That would be about 50,000x more powerful than faster GPU today. Lets also say you built a thousand of them and ran them continually with no downtime 24/7/365. In 1 year you could brute force 3*10^28 possible addresses.
If there are 1 quadrillion funded addresses you would still have a ~1% chance of colliding with a random funded address in the next 1,000 years.
People just aren't aware of how huge these numbers are.