documentation
RANDOM() isn't random
The built-in RANDOM() function uses a "PRNG seeded on BLID,SCID,TXID".
This does not result in a truly random number, as it's possible to manipulate the seeds to predict it beforehand. Maybe it should be clearer in the docs? It's a very classic door for exploits, and developers inexperienced with smart contracts may not know it.
From my experience on the EVM, I'd prefer removing it and exposing the underlying hash function.
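As an added example (not part of the original post and not the project's code), the Python sketch below models a draw derived only from BLID, SCID and TXID beside a commit-reveal draw built on a plain hash function. SHA-256 and the names `seeded_draw`, `commit` and `commit_reveal_draw` are assumptions, since the page does not describe the real PRNG; the sample identifiers are constructed.

```python
import hashlib
import secrets

# Constructed sample identifiers; real BLID/SCID/TXID values are public chain data.
BLID = bytes.fromhex("11" * 32)
SCID = bytes.fromhex("22" * 32)
TXID = bytes.fromhex("33" * 32)


def seeded_draw(blid: bytes, scid: bytes, txid: bytes, modulus: int) -> int:
    """Model of a draw derived only from public identifiers.

    Assumption: SHA-256 over the concatenation stands in for the real PRNG,
    whose algorithm the page does not describe.
    """
    digest = hashlib.sha256(blid + scid + txid).digest()
    return int.from_bytes(digest, "big") % modulus


def commit(secret: bytes) -> bytes:
    """Commitment a participant publishes before any secret is revealed."""
    return hashlib.sha256(secret).digest()


def commit_reveal_draw(commitments, reveals, modulus):
    """Combine revealed secrets after checking each against its commitment."""
    if len(commitments) != len(reveals):
        raise ValueError("every commitment needs a reveal")
    state = hashlib.sha256()
    for c, r in zip(commitments, reveals):
        if commit(r) != c:
            raise ValueError("reveal does not match commitment")
        state.update(r)
    return int.from_bytes(state.digest(), "big") % modulus


if __name__ == "__main__":
    # Any observer holding the same public values reproduces the contract's draw.
    contract_side = seeded_draw(BLID, SCID, TXID, 100)
    observer_side = seeded_draw(BLID, SCID, TXID, 100)
    print("seeded draw reproducible:", contract_side == observer_side)

    # Each party commits first; the result depends on every party's secret.
    party_secrets = [secrets.token_bytes(32) for _ in range(2)]
    commits = [commit(s) for s in party_secrets]
    print("commit-reveal draw:", commit_reveal_draw(commits, party_secrets, 100))
```

The last party to reveal can still withhold its secret, so a contract using this pattern needs a reveal deadline and a penalty for not revealing.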