(12:10:30 AM) gmaxwell: Under certain threat models, like the attacker being on a common multiuser system with you and being able to monitor 99.9% of the urandom output, then it's potentially interesting.
For those not following along, /dev/urandom uses a cryptographic pseudo-random number generator when the entropy pool is depleted below the ability to satisfy a request with actual entropy. CPRNGs are very widely used and very safe.
The weakness that gmaxwell is talking about is that since a CPRNG is deterministic (it is an algorithm that runs on a computer), someone observing a sequence of outputs from it could possibly reconstruct an output that they did not observe. In practice, this isn't a big deal, because if anyone was in a position to observe the stream, you are already well fucked and they can probably just take your keys directly.
Also, note that he says "potentially interesting". I'm not current on the literature, but I'm not aware of anyone actually reproducing the missing portion of a stream by using this method. It is theoretically possible though, and maybe someone has actually done it. Also, people are aware of the problem and take steps to make it harder.*
A genuine entropy source will provide a stream of bits that have absolutely no relationship to any other bits anywhere in the universe. Someone watching such a stream go by will not in any way be able to recreate the part of it that you take.
In practice, it comes down to paranoia. I side with paranoia in theory, but with reality in practice. As in, I prefer my keys to come from sources as close as possible to actually being genuine entropy sources. But those suck, so I use RDRAND, EGD, and other sources of high quality pseudo-entropy. On an offline box, the difference should be negligible.
* A weak system produces output_i from output_{i-1}. A strong system produces {output_i, state_i} from hash(state_{i-1}). As long as the hash function is cryptographically strong, observing the stream of output_x doesn't give enough information to recreate state or output_y. Actual cryptographers (which I am not) undoubtedly have schemes even better than this one.
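To make the footnote's two constructions concrete, here is an added toy model (not from the post or from any real kernel RNG) with SHA-256 standing in for the "cryptographically strong hash". An observer who captures one output of the weak chain can reproduce the next one; the same attempt against the state-separated design fails because the output is never fed back into the state.

```python
import hashlib


def h(data: bytes) -> bytes:
    """Stand-in for the post's cryptographically strong hash (SHA-256)."""
    return hashlib.sha256(data).digest()


class WeakGenerator:
    """Weak design from the footnote: output_i = hash(output_{i-1}).
    Every future output is a function of any single observed output."""

    def __init__(self, seed: bytes) -> None:
        self.last = h(seed)

    def next_output(self) -> bytes:
        self.last = h(self.last)
        return self.last


class StrongGenerator:
    """Strong design from the footnote: {output_i, state_i} = hash(state_{i-1}).
    The 32-byte digest is split: first half is emitted, second half becomes
    the new hidden state. The emitted half is never reused internally."""

    def __init__(self, seed: bytes) -> None:
        self.state = h(seed)

    def next_output(self) -> bytes:
        digest = h(self.state)
        output, self.state = digest[:16], digest[16:]
        return output


def guess_next(observed: bytes) -> bytes:
    """What a stream observer can compute from one captured output:
    hash it and take as many bytes as the outputs are long."""
    return h(observed)[: len(observed)]


def observer_can_predict(gen_cls, seed: bytes) -> bool:
    """Simulate an observer who saw output_1 and tries to reproduce output_2."""
    gen = gen_cls(seed)
    seen = gen.next_output()
    actual_next = gen.next_output()
    return guess_next(seen) == actual_next


if __name__ == "__main__":
    # Constructed seed for the demo; a real generator would seed from entropy.
    print("weak predictable:", observer_can_predict(WeakGenerator, b"demo-seed"))
    print("strong predictable:", observer_can_predict(StrongGenerator, b"demo-seed"))
```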