And how do you think generating private keys happens on a computer?

It uses RAND_bytes from OpenSSL. The relevant call is CKey::MakeNewKey.

getnewaddress is in rpcwallet.cpp. It tries to get a key from the pool, and if the pool is

empty it allocates a new one which is populated using RAND_bytes

As others mentioned Bitcoin core uses OpenSSL random sources.

This means that it uses any random source available, like:

the operation system, i.e. interrupts
random sources of the CPU or the chip set
dedicated hardware for entropy generation
So in order to make sure your hardware random generator works with Bitcoin you must make sure it works with OpenSSL.

We've seen operating system RNG's fail silently in really frightening ways several times over the last few years, a belt-and-suspenders approach where silent failure at least gets a best effort bit of entropy-snake-oil (or maybe not so snakeoil: after going and writing a bunch of entropy collecting code I'm more impressed with the performance than I expected) seems to be a clear improvement. OpenSSL's (and libressl's) system entropy randomness generator is also pretty scary (it can fail silently back to snakeoil entropy much weaker than what this code does).

Slated for 0.13 (with the goal of getting rid of OpenSSL dependency by then), opened #7162 to track this

There are many theoretical concern related to OpenSSL's operation as well as Linux's /dev/random (and other operating systems) behavior in general-- and there is a long term project underway to replace it: https://github.com/bitcoin/bitcoin/pull/5885 (and you can see from the comments there, we're well aware of how it works, more so than even the concerns you've expressed here).

That said, these are theoretical weaknesses. In Linux /dev/random and /dev/urandom are the same rng, but /dev/random uses an entropy estimator. The estimator provides basically no value and is often misunderstood. This page has an excellent and correct debunking: http://www.2uo.de/myths-about-urandom/

The "aren't very random" you're quoting is taken out of context-- the context is "The main thing which I am much more worried about is that on various embedded systems, which do not have a fine-grained clock, and which is reading from flash which has a much more deterministic timing for their operations, is that when userspace tries to generate long-term public keys immediately after the machine is taken out of the box and plugged in, that there isn't a sufficient amount of entropy, "--- e.g. context that matter a lot for generating SSH keys, but not so much for Bitcoin.

Beyond the basic operation there, OpenSSL and Bitcoin Core further harden the input with additional timing information.

Finally, the bit of concern you're sowing there doesn't make a relative comparison. It would be no good to chase someone from using Bitcoin Core due to niche and speculative issues to something that was practically less secure.

Depends on your definition of cost-to-benefit ratio:

Cost:  Spending 20 minutes, one time, to create entropy and convert it to a wallet
Benefit: Avoiding 100% of all BS regarding computer-generated entropy sources & algorithms, until the end of time

If you're holding a "lot" of money, some people would rather just remove all doubt.  And the cost of doing so really isn't that high.

That depends.  If the private key that you are attempting to "guess" was generated from a non-random source (such as a passphrase or faulty random number generator) and you know something about how it was generated, then it may be possible to guess or generate the same key.

No, "rewriting" the blockchain will not enable you to forge a signature. You either have to break ECDSA (or the specific curve used for bitcoin) or get the private key in question. Also not every single line of code within bitcoin core is needed for the protocoll to work. A large portion is the wallet part that is not required.

EDIT I just saw a thing on the Lightning Network which I didn't 100% understand but get enough of to see it is different than this (off chain) would Alan not be the perfect remedy to prioritized tx?