I was specifically thinking of spectral tests that spot linear congruential generators.
The numbers look random, but the test quickly shows if they were generated by a linear congruential generator (LCG). You shouldn't see these types of pattern in most encrypted data, as NIST publish test results including these same tests for randomness (and many others), to look for deviations from randomness in output of ciphers. Although failing such tests doesn't always get a cipher excluded from use, you need a good reason to pick one whose output is not apparently truly random over one which does.
Ultimately yes, the problem is that if you use these for tokens or keys, the numbers are more predictable than they should be. So someone retrieving a sequence can establish the state of the generator and predict the next token, or at least have a better than random guess at a valid token.
Php feeds the output of a lcg with some other data into a hash function (md5 or sha-1), which should be good enough for most purposes (assuming the other data is hard to guess). I probably should plagiarise but we did some other tricks to mitigate the issue I spotted with patterns in tokens.
