
If the generator author keeps a log of the phrases his generator suggested to users, then it doesn't matter if a generator came up with the phrase "upper class koala bear tango" with great randomness.

If I take it and use it as my password, the generator author then has my password in his list.

(If the generation happens on the client of course this doesn't apply, assuming it doesn't also phone home).




True -- but absent logging, it should be absolutely possible to tell everyone how you generate your passwords without making them less secure.

For example, I get 44 bits of entropy from https://atlas.aylett.co.uk/pw/, purely from the randomness of the words. Knowing that I used that script doesn't help you: there's no point in adding every permutation to a list, there are too many of them.

If you don't know that I used this mechanism then you may be worse off, but I can't assume I'm better off.

And obviously I'm happy using my own generator, but the reason I wrote it was because I didn't want to have to trust someone else's :).
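
An added example, not part of the thread and not the linked generator's code: a passphrase generator that runs entirely on the client with a CSPRNG and never touches the network, plus the entropy an attacker faces when the method and word list are both public. Assumptions: 4 words drawn from a 2048-word list (one configuration that yields the 44 bits mentioned above), a constructed stand-in word list, and hypothetical function names.

```javascript
// Added example; names and the word list are assumptions, not the linked generator's code.
// CSPRNG: Web Crypto in browsers and recent Node, node:crypto fallback otherwise.
const rng = globalThis.crypto ?? require("node:crypto").webcrypto;

// Constructed stand-in list: 16 * 4 * 8 * 4 = 2048 unique pseudo-words.
function buildWordList() {
  const c1 = [..."bdfghjklmnprstvz"], c2 = [..."bdklmnst"], v = [..."aeio"];
  const words = [];
  for (const a of c1) for (const b of v) for (const c of c2) for (const d of v)
    words.push(a + b + c + d);
  return words;
}

// Uniform integer in [0, n) by rejection sampling, so there is no modulo bias.
function uniformIndex(n) {
  const limit = Math.floor(0x100000000 / n) * n;
  const buf = new Uint32Array(1);
  do { rng.getRandomValues(buf); } while (buf[0] >= limit);
  return buf[0] % n;
}

// Pick `count` words independently. Duplicates in the list are dropped first
// because they would skew the distribution and overstate the entropy.
function generatePassphrase(words, count) {
  const unique = [...new Set(words)];
  return Array.from({ length: count }, () => unique[uniformIndex(unique.length)]);
}

// Entropy with the method AND the list public: count * log2(unique words).
function entropyBits(words, count) {
  return count * Math.log2(new Set(words).size);
}

// Candidate phrases an attacker who knows everything except the draw must cover.
function searchSpace(words, count) {
  return BigInt(new Set(words).size) ** BigInt(count);
}

const WORDS = buildWordList();
console.log(generatePassphrase(WORDS, 4).join(" "));
console.log(entropyBits(WORDS, 4), "bits,", searchSpace(WORDS, 4).toString(), "phrases");
```
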



