Especially because /dev/random's ability to block when it doesn't have enough entropy is dependent on accurate entropy estimation. Since the entropy estimator isn't accurate (it can't be, it's an undecidable problem) there will be attacks possible on the entropy estimator, either causing it to block when it shouldn't (DOS) or output data with insufficient entropy.