If the output of random.php is public information, I don't see any security issues when you place random.php in the public folder.
If you want to integrate it in Banshee, you can create a new page and add the content of random.php to the execute() function of the page controller. You can use $this->output->disabled = true to disable to output library. The XSLT sheet for that page is then ignored and all output that has been printed is sent to the browser.