
They describe rc4 as secure, which it hasn't been considered for years, so I'm not sure how seriously to take this site


"secure" in the website refers to predictability. Do you have a source on how to predict rc4?


The RC4 stream has biases. This means you have something like "bit X is slightly more likely to be 1 than 0". This isn't "predictability" in a sense that you know what it'll be, but it's bad enough for certain applications. How much it matters probably depends how exactly you design your RNG, but it seems like playing with fire and is easily avoidable by using a cipher without that property.


I believe numpy.random uses PCG by default. https://numpy.org/doc/stable/reference/random/index.html


Speaking of rc4, what are the reproducibility issues? Quick search on mobile didn't turn anything up. Is it just the "alleged" designation, i.e. no confirmation that it implements Rivest's original cipher?


IIRC the real RC4 was licensed to Novell and used in Notes.

People were later able to use the leaked, alleged RC4 algorithm to decrypt messages encrypted by Notes. That basically confirmed that the algorithms are the same.



