MCRYPT_RAND should removed from PHP 7.0 so that developers are discouraged from using it in production systems or in frameworks used by other developers. MCRYPT_RAND is a constant that instructs mcrypt_create_iv() to use a non-cryptographically-secure entropy source. While IVs do not have the same secrecy requirements as a private key, they should be unpredictable. Using MCRYPT_RAND is therefore unsuitable for cryptographic applications.
The following changes should be made:
The MCRYPT_RAND constant will be removed, and support for it will also be removed.
This proposal should be considered for the PHP 7.0.
Include these so readers know where you are heading and can discuss the proposed voting options.
State whether this project requires a 2/3 or 50%+1 majority (see voting)
The patch (and a relevant discussion) is already on GitHub