I don't understand the code well enough to answer your specific concern.

My biggest concern at bitaddress.org is the use of external javascript files. This gives the host of those files the possibility to execute any javascript on the page. They could easily insert a function that sends the private keys to a third party website. If that's done only 1 of 10 times, it's hard to get caught.

Also, a week ago when I was trying to teach my college how to create a wallet, bitaddress.org displayed invalid security certificate -errors. Needles to say we stopped using the site immediately. Was a pretty embarrassing situation for me.

I'm taking a look at cascasius's address utility that included Bip0038 two factor encryption. This post on reddit made me curious:
http://www.reddit.com/r/Bitcoin/comments/1q7inm/this_paper_wallet_now_contains_0225_btc_and_is/