Regarding the in-browser API, that's a really cool idea. We've added it to our product backlog.
Our sign-in flow is definitely not standard. We thought email-only might be easier for people (since you don't have to remember or set a password) but it seems like it's probably better just to have standard username/password.
Also really good feedback on the pricing plans, we'll get that added ASAP (I think this will also tie into your question #4).
I'll also add that we're considering open-sourcing our implementation of raw hardware bytes => data as a way to build trust and transparency in how we're generating data.
Hey thanks for the great questions! Happy to elaborate on anything below if it's helpful.
1/ It might be easiest to define in terms of suitability for a particular application. As you probably already know there are a number of industry tests which are useful in evaluating the effectiveness of a random number generator (Diehard, NIST, etc). Our service is built on top of industrial-grade hardware that passes these tests and is suitable for use in cryptography.
2/ Great question. It's easier to reason about in the context of specific use cases. For certain applications it increases trust to outsource RNG to a neutral third party that doesn't have a stake in the outcome.