This is an awesome article on how the Mersenne Twister, used as a 'random' number generator, allows an attacker to recover its state from 3.3KB of output data. It essentially boils down to a big system of equations, which we know how to solve very well. In addition, its seed is fairly weak in PHP and Perl.

Full title: Exploit Information Leaks in Random Numbers from Python, Ruby and PHP