I agree, but it's really theoretical: If the user has write access to the chroot environment, she can just replace the binary or play tricks with the libraries. No way the (then not even run) binary can defend against that. Didn't try it, but I would guess that subverting crypto is /slightly/ easier if you can run your own code instead of just manipulating the random seeds.