I am also wondering if the Ian Coleman Mnemonic Code Converter is the best tool as a browser-based way to generate offline word seeds and all private keys, public keys and addresses?
It is open source and follows the BIP39 standard for seed phrase generation, and it also generates the seed safely provided you run it in a safe environment, by running it on an airgapped device and also making use of its HTML source.
Is it really 100% secure in terms of randomness of the word seeds?
I think so. But if you are not comfortable with that, you can make use of your own entropy by throwing a coin up 256 times, upside as 1 and downside as 0.
I also have some BTC on a paper wallet generated on bitaddress.org (offline). Is it at risk?
It depends on the source you used to generate the private key and address. If it is https://bitaddress.org, it is safe, but I can only guarantee safety if done offline, especially using its source on an airgapped device. But the fees for legacy addresses are higher than for segwit, but not that you want to be using it for frequent transactions.
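
The coin-flip method mentioned in the reply above, as an added example that is not part of the original post or of either tool's code: it turns 256 recorded flips into the 24 word indices BIP39 defines, including the 8-bit SHA-256 checksum that decides the last word. The function names and the sample flips are assumptions made for illustration; the output is 0-based positions in the BIP39 English wordlist, which is not embedded here.

```python
import hashlib


def _clean(flips: str) -> str:
    """Strip whitespace so flips can be written in groups or on several lines."""
    bits = "".join(flips.split())
    if len(bits) != 256 or set(bits) - {"0", "1"}:
        raise ValueError("expected exactly 256 flips written as 0/1")
    return bits


def flips_to_bip39_indices(flips: str) -> list[int]:
    """Map 256 coin flips (upside = 1, downside = 0) to 24 BIP39 word indices."""
    bits = _clean(flips)
    entropy = int(bits, 2).to_bytes(32, "big")
    # BIP39 checksum: the first ENT/32 = 8 bits of SHA-256(entropy).
    checksum = format(hashlib.sha256(entropy).digest()[0], "08b")
    stream = bits + checksum  # 264 bits = 24 groups of 11 bits
    return [int(stream[i:i + 11], 2) for i in range(0, 264, 11)]


def ones_ratio(flips: str) -> float:
    """Share of 1s in the flips; a value far from 0.5 suggests a recording error."""
    bits = _clean(flips)
    return bits.count("1") / len(bits)


if __name__ == "__main__":
    # Constructed sample, NOT real entropy: an alternating pattern for the demo.
    sample = "10" * 128
    print("ones ratio:", ones_ratio(sample))
    print("word indices:", flips_to_bip39_indices(sample))
```

The last index mixes the final 3 flips with the checksum, which is why 24 words cannot be picked by hand from flips alone.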