You're wrong on points 5 and 6. Dual_EC_DRBG is not "unsafe" per se; it's just that the constants chosen could be precalculated so as to allow easier prediction of the resulting random numbers. This doesn't mean that the numbers the constant was calculated from are easily calculable by an attacker.
