Electrum uses python-ecdsa for signing, and python-ecdsa uses RFC 6979 deterministic k signatures.
This means that for any given message (transaction) and private key, the r value will always be the same. However, inversely, if the message is different, or the private key is different, it is guaranteed (as long as SHA256 is not broken) to be different.
SHA256 doesn't make these guarantees. There is a tiny chance that the value is reused. However, it is more likely that you create a new address that is already in use. The chance for this to happen is so small that it will with a high probability never occur in the next billion years. Of course, this assumes there are no implementation errors.
If the private key is recoverable through reused R values, then all keys and addresses in that account is vulnerable.
This is only true, if the master public key was leaked. Since keeping it secret is important to maintain privacy (using the master public key, one can see all transaction from and to your account), it is unlikely that a random attacker has this. It is stored unencrypted in your wallet, though. Does anyone know if Electrum sends the master public key to the server, or does it only send the first n public keys?
