mod_ssl's 'builtin' random seed uses uninitalized stack memory as random seed. This is undefined behavior in C and can cause other seemingly unrelated code to be optimized away. See http://kqueue.org/blog/2012/06/25/more-randomness-or-less/ for an example. Also the docs are wrong in that it claims that the scoreboard memory is used as seed, which is not the case.
+1 I think today httpd should use apr random functions and should not have own random functionality.
Doc have been updated in r1832346 to be consistent with the code. Your suggestion is still relevant, but at least the doc does not lie anymore :)
I think we can consider this fixed as of r1877467 for trunk. Docs updated in r1880564.