I'm not sure, but :
1. The email stated RC4 ("arcfour random") is one of the problem
2.
securerandom.js on BitAddress source code use RC4.
https://github.com/pointbiz/bitaddress.org/blob/72aefc03e0d150c52780294927d95262b711f602/src/securerandom.js#L58I'm not an expert, but if the condition is simply using secureRandom then Bitaddress does
use it and the repository hasn't been updated since 2016.
The email clearly stated that depends on variations of SecureRandom()
There are a substantial number of variations of this SecureRandom() class in various pieces of software, some with bugs fixed, some with additional bugs added.