I have heard that bitaddress.org generated address was crackable but not anymore now.
It isn't.
According to this old GitHub issue (
#35), it was possible to generate private key with low entropy if user don't move the mouse. But i doubt it's what @fred21 meant since user usually move their move.