How secure is this code to generate Address-Key pair?
the biggest problem with this library that i see is lack of tests. a cryptography library that deals with sensitive things such as ECC must have a lot more tests than the handful of them this library has in BitcoinECDSATest.php
so i wouldn't use it for anything important.
Also, what if I keep $extra = 'FSQF5356dsdsqdfEFEQ3fq4q6dq4s5d' at L:852 as is? Will it be possible to re-generate the Address-Key pair if I dont change this?
that "extra" is used while generating a random key, with or without it you won't be able to re-generate the same key. it is used as some sort of extra entropy to be appended to the entropy generated by OpenSSL (according to the method name) and then hashed using SHA256.
but usually these extra entropies are generated on the fly not hard coded.