On platforms without /dev/urandom PBC falls back on a deterministic pseudo-random number generator, which needless to say is useless for any security applications.

One should note how /dev/urandom differs from /dev/random. A quote from its manpage:

“A read from the /dev/urandom device will not block waiting for more entropy. As a result, if there is not sufficient entropy in the entropy pool, the returned values are theoretically vulnerable to a cryptographic attack on the algorithms used by the driver. Knowledge of how to do this is not available in the current non-classified literature, but it is theoretically possible that such an attack may exist. If this is a concern in your application, use /dev/random instead. ”