As I understand it, Electrum uses 128 bits of entropy for its random seed generation, whilst the total space of Bitcoin addresses is 256 bits. So by generating addresses using Electrum, you have already vastly reduced (by 2^128) the search space of addresses to perform a brute-force attack. Am I understanding this correctly? Electrum is great, but this has always worried me.
Not so long ago, there was an attack on Android wallets because the random number generator was broken. Could something similar happen here?