Then we have the classic security problem of using pseudo-random seed. Alarm!
fix it faster to /dev/urandom
As written is the readme, for safe keys it is recommenced to use a passphrase using -s option (as for BIP38).
Concerning the default seed pbkdf2_hmac_sha512(date + uptime in us) , here we search for prefix, which means that a seed search attack might work on very short prefix and would require a very competitive and expensive hardware.
YES! moreover, I guarantee you that the mult of montgomery is a source of slow, especially for GPU.
...
As written is the readme, VanitySearch use now a 2 step folding modular multiplication optimized for SecpK1 prime.