I think this was a matter of time. Maybe there are safe online seed generators, but the best way is to generate it offline.
In my opinion the IOTA team should add an second factor (password) for their wallet, so even if the seed is public, the withdrawal of funds is very difficult (of course the choosen password has to be strong).