So far I have been using PHP to create cryptographically secure random values, with openssl_random_pseudo_bytes. I would like to generate a cryptographically secure token within a stored function, is RAND() what I am looking for, or is it not cryptographically secure?
RAND() is not meant to be a perfect random generator. It is a fast way to generate random numbers on demand that is portable between platforms for the same MySQL version.
If developer says that he didn't develop his function to be perfectly random for me it means a function is probably not perfectly random. And for cryptography you want as random as possible.