Drop the javascript nonsense and generate the private key with electrum on an offline PC with linux on it. And wipe all persistent memory after done (ex: RAM, printer memory, hard disk, flash drive ,etc)
Who made you think that RAM is a persistent memory? and flash?? WTF?
1) Bitaddress.org
Vulnerability #1: Javascript is known to have bad RNG and all sorts of bugs that may or may not be patched. Especially browser based javascript is so bad, that I don't even keep up with it.
You are a Newbie. You claim to be Expert. Bitaddress.org is one of the most trusted sites. Proof they're not secure and their random is not good. Recreate my private keys for me!
Vulnerability #2: If you use it with Chrome or other closed source browser, then its worse
Most people use closed source OS too.
Don't be a idiot, use GNU/kFreeBSD or GNU/Linux-libre..
JS is known to be full of problems and everyone in the security field says it sucks as hell, I will go with the Electrum option..