Security of PHP’s str_shuffle()

I’m doing some research on PHP’s str_shuffle function, I already asked this question multiply times on StackOverflow but got no answer

I’m interested in how would you break str_shuffle, since PHP’s docs states "It does not generate cryptographically secure random values", hence I’m guessing it can be compromised. But how? What I’ve tried so far is a bruteforce attack wrote about it here:

Why is str_shuffle() used so frequently for generating random tokens? I see alot of this kind of code:

function generate($  letters, $  length = 8) // $  letters is a pool of characters and numbers { return substr(str_shuffle($  letters), 0, $  length); } 

Is this enough for security or not?