To my knowledge and if the used browser does support it, the iancoleman.html script uses strong cryptography randomness functions when they are available, not only math.random(). Rather crypto.getRandomValues() is used which should give randomness more like a CSPRNG (cryptografically safe pseudo random number generator). crypto.getRandomValues() is considerably better than math.random(), though I'm no expert in this field.