But when the first reused R values appear, everybody knows that the RNG is flawed anyway. And then fixed RNG code does not help you much to protect transactions that were created with the flawed RNG. Let alone the whole problem of users and their browsers' cache, still executing the broken code.