The holes still exist. One was publicly disclosed after a failed effort in July to responsibly disclose them under PayPal's bug bounty program.
PayPal is working to close the holes.
"Anyone attempting to generate random numbers by deterministic means is, of course, living in a state of sin." -- John Von Neumann