This was create by
MDL-73517, when it was detected the we are using RC4 as cypher method for MNet encryption. From the original issue:
2) Create another issue, about to consider moving the "RC4" default to a better one, surely including init vector too.
Note that, in practice... 2) is not critical as far as now all sites run over SSL, hence, data is double encrypted, once by the MNet RC4 implementation, not ideal, and another by the http SSL layer (usually safer).
Also, this needs to be done in a "BC way" so old sites (still using RC4 unconditionally) are able to talk with newer sites using another, better, cypher. That, or explicitly warn that, when this is implemented, older sites won't be able to talk with new ones anymore.