Two probably dumb technical questions about proof of stake security

I was reading about how proof of stake consensus works on ethereum.org here but I have two questions:

1. How do we elect which validator actually creates the block? I know it’s random but how does that random calculation work? I read about Randao, but is that model secure enough to help pick a validator? Wouldn’t it be insecure if the randao contract itself was running on the same blocks it’s helping to select who gets to mine? Could a malicious actor exploit how random numbers are chosen here so that they get to always be the validation who creates a block?

2. What is the benefit of having many validators agree on checkpoints? Why is it insufficient to just randomly choose a validator to create a block, and if everyone is running a node with the same consensus rules then nobody would consider using/building on top of a malicious/incorrectly constructed block

Thanks, and sorry if these are obvious/dumb questions