2. There are no truly random number generating algorithms. They're predictable. They will generate the same numbers in the same sequence until the end of time; you're more random than that, so they use you and your computer interaction as a source of randomness.

1. Import your own public key into gpg and look at it. Also, any program that doesn't even ask how many bits you want to use is either written by very good people who know to use big ones, or very bad people that I wouldn't trust.

3. I don't know how the program uses your computer interaction as a source of entropy, but I suspect there will be subtle differences. Besides, pseudorandom number generation algorithms generate enormous ranges of numbers and usually your computer keeps its place between boots (that's "seeding" the entropy).

4. It's to protect if SR is compromised and your order is still processing. It's also to protect against the vendor getting pinched and the law using his account. If your address is plaintext, well, you're their next person of interest (or they'll at least inform your local PD I should think). Basically, it's just a risk that isn't necessary. But it's not so that nobody can listen in. You're right, Tor protects against that (but only WITHIN the network, not outside it).