If the directory had a random name, the attacker could see that name and recreate it after /tmp is flushed.