It's possible a user exportet a single key from his electrum wallet and used it in mycelium (for example). It could get compromised by the bad RNG in android and compromise all keys of the wallet.
Does Electrum have "watching only" copies of deterministic wallets like Armory does? The attacker would need access to that in order to compromise the entire wallet instead of just the single private key that was exported and then used on a vulnerable client.
I just don't ever export private keys from them.
Private keys are called "private" for a reason, the belief of some people that it's a good idea to share them notwithstanding...