no guarantees that this won't change in the future

Indeed, just yesterday on P5P: Should we upgrade to a new PRNG in core?

And a relevant note from that thread by Russ Allbery:

The most secure option is to not use any type of pseudo-random number generator and instead rely on /dev/random. If your concern is security, you should not use rand and you should not use any other new algorithm that similarly does not use /dev/random. ... If /dev/random is available and you want random numbers for security purposes, you should just use it via Crypt::URandom, Crypt::Random, etc.