CVE-2009-1696 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1696): WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 uses predictable random numbers in JavaScript applications, which makes it easier for remote web servers to track the behavior of a Safari user during a session.
Presumably all affected versions are gone from tree. Closing as discussed with keytoaster.