I think that the author is more interested in the design of the encryption algorithm rather than the specifics of the reference implementation provided. So yeah a dodgy prng was used but is there anything wrong otherwise - i.e. something inside the algorithm itself that reduces its efficacy and makes it vulnerable.
Well, if they would provide an actual implementation rather than a reference implementation, then I would break it. Breaking cryptography often depends on breaking implementations, not breaking the underlying theory. That's why AES-CTR is theoretically secure but so deviously hard to actually implement.
I note in the comments that the random number generator is not secure in any way. Its just a handy thing for testing, not something you would use in real life.
I like the idea of mutating both the output and the key. You are using it for a single pass over the length of the data. You could use the final key as input to another round of crypto. Repeating it for a number of rounds would keep it deterministic, but increase the computational load of an attacker and create an even distribution of input to output. Ah, problem could be that decryption would need the final key, not the one you started with, if so it would be good for a 1-time hash. So the key idea for the crypto is the nuking of the part of the key that was just used for the xor. Thing that concerns me is if the attacker has access to your crypto in binary form, he could run it again and again on different inputs (data,key) to infer its structure - you'd want to slow him down.
Ill try to put together a "test" for the algorithm.