A compromised computer producing not truly random numbers is unlikely to produce a collusion after two 'random' events. They will rather produce random numbers in a smaller space. The output will appear random without testing, but someone with knowledge of the specific space numbers will be generated will be able to generate a collusion with fairly low effort.
The movement of the mouse is intended to counter the above risk in adding user specific random to create a larger space of possible private keys even if the computer's random function is compromised.
If computer/OS random function (such as
/dev/random) is compromised, then that means your computer most likely is compromised as well since you need superuser access to compromise it.
It's different case if there's malicious update by OS provider or OS's random function had vulnerability to begin with.
Besides, good entropy won't help if the output is biased.