I think you pretty much got it already but just to clarify:

$eval(..., N) allows you to evaluate "..." N times.

So $eval($ $+ $rand(1,$0),1) would only evaluate it once. That means it would return the literal text "$1" (assuming the $rand returned 1)

If you evaluate it a second time then it passes through a second time and returns whatever the $1 token is.

Your script contains an exploit as /timer evaluates everything twice. You should never pass unknown content to /timer without wrapping it in $unsafe() :

 on *:text:!pick *:#:{
  var %tokens = $2-, %randomnumber = $rand(1,$numtok(%tokens,44)), %randomtoken = $gettok(%tokens,%randomnumber,44)
  var %randomintro $rand(1,4) 
  if (%randomintro == 1) { /timer 1 1 /msg # Definitely $unsafe(%randomtoken) } 
  if (%randomintro == 2) { /timer 1 1 /msg # Those are terrible choices, but go with $unsafe(%randomtoken) } 
  if (%randomintro == 3) { /timer 1 1 /msg # Yeah, sorry, I can't condone any of those. Try something else later. } 
  if (%randomintro == 4) { /timer 1 1 /msg # Ehhhh. I guess $unsafe(%randomtoken) } 


If you leave it as is then people will be execute commands remotely on your machine or try and read sensitive variables and identifiers.