Probably not what you were looking for...

[davedevelopment]

...but the first thing I saw was the boolean constructor argument and I didn't like it :)

Not sure this is the best fix for it, but you get the idea.

Everything else looks good to me.

[EVODelavega]

:-1: The suggested SecureRandom class breaks the contract Random imposes. Though PHP does not require compatible constructor declarations, IMHO, it's a bad idea to have extensions set a bad example. Child classes can only add optional arguments, but they can't enforce different/stricter type requirements and all that (The Liskov principle)