Well this is bad. Just checked the code, `RandomState` invokes `wasi::random_get()` on wasi target. It means virtually every std program in Rust would require random number generator privilege in the upcoming WASI unless the author intentionally avoid using default HashBuilder and somehow treeshake the stuff out(?).

This seems to be a fundamental conflict of interest between server-side programming and client-side sandboxing. Now the preventive security measures cost us not only performance on the table, but also privilege spam.