The JavaDoc for the SecureRandom() constructor contains the following text: "This constructor is provided for backwards compatibility. The caller is encouraged to use one of the alternative getInstance methods to obtain a SecureRandom object."

There is no good reason for this recommendation. In fact, it is often preferable to call "new SecureRandom()" because it automatically chooses the default SecureRandom implementation for the platform. This is not possible by calling getInstance(), which requires the algorithm type to be explicitly specified.