Bitaddress.org could easily be compromised.
Ask yourself:
How do you know the random number generator is truly random?
I would throw in a few manual changes to the private key it gives you.
How can I go about doing that while making sure it's still a valid address? I know there is a checksum at the end or something but I don't know what I can change in the address.
How do you know the address are being correctly derived from the supposedly random private keys?
I would check the private key / address pair against other bitcoin software to make sure they match.
That's what I do at least.
Thanks, that sounds like a good idea. Maybe grab html from brainwallet.org, bitaddress.org, and a third like