I suppose I should have posted that rand_getbytes returns an error if there is insufficient entropy pool, so any answer it returns should be as strongly crypto-random as the first.
Thanks. I really appreciate the help. I couldn't find rand_getbytes, grepping through both the bitcoin source and the openssl source, though. Did you misremember the function name, perhaps?
As long as there is some verification (either in bitcoin or whatever part of openssl that bitcoin uses) that there is sufficient entropy before generating the first address in a new wallet, that would definitely put my concerns to rest.