Inspired by
Topic: Physical device to generate public/private key pairs and
Topic: Proposal: Hardware wallet.
In short, these topics' starters are thinking about how to create a simple hardware wallet, maybe USB driven, with a simple API that (obviously) doesn't include anything like exportprivatekey(), but does include such things as signtransaction(), and a hardware button to approve the transaction. Such a thing could also work over NearFieldComm, wifi, bluetooth, etc., for day-to-day use when buying cigarettes.
Well, I got to thinking about random number generators. Wouldn't a feasible attack be to reverse engineer one of these devices, find out how it generates random numbers, and capture its factory-initialised entropy state? From there, you could try to work out probable values for the random number sequence it might generate, and so derive a series of probable private keys. Then scan the block chain and profit!!!
The only way to eliminate this threat would be to include a real random number generator on board, e.g. a sensor that measures thermal fluctuations (or any physical variable) at a high frequency to a high precision but with low accuracy. Or, even better, a sensor that measures the polarization state of single photons. Yeah, quantum RNG rules.
edit: Hah! It's already a noted problem:
Weak RSA Keys Plague Embedded Devices, But Experts Caution Against Panic