Python and crypto-strength random numbers by default

This was precisely my thought. It doesn't require changing the documentation at all, as you still should use the explicitly secure one if you need it, to avoid attacks that rely on a module silently degrading random.random. But it "fixes" the vast majority of the naive code out there.