
Why would it need to "distill" anything on modern Linux/BSD?



I think the idea is to be fast by avoiding system calls and using fast primitives underneath, and to irreversibly garble the internal state quickly. I don't see very obvious applications for this though. If you think your computer is leaking internal state, you have bigger problems. Otherwise, use getrandom() to seed your favorite stream cipher.

I do want to look at this more closely, because if DJB thinks it is worthwhile, there is likely to be something to it. But it doesn't jump out at me after the quick glance that I took.


Well, the lib is from 2008, when the randomness story looked worse. Might have been worthwhile back then.

Also

> Another virtue of having a randombytes() abstraction layer is that test frameworks can substitute a deterministic seeded randombytes() providing known pseudorandom bytes for reproducible tests. Of course, the randombytes() provided by these test frameworks must be kept separate from the fresh randombytes() used for deployment.



