If a proper open source system has a component that enforces DRM, and is functional when I download it, then it includes those keys; but gives me an unconditional right to use and modify it. And I am physically able to modify it, un-implementing those restrictions.
If part of the system cannot be modified by me, then the whole is not open source, and any open source system such as Firefox shouldn't include that part or standard.
This issue reflects the way that people have had very different ideas about what the point or purpose of free and open source software is (in some ways, reflecting the split between people who preferred to say "free software" over "open source" and vice versa).
It's also a very concrete issue today in whether people call, say, the Chrome browser "open source". Most of their source code is downloadable, derived from the fully open-source Chromium project, but in Google's current practice, users never get the complete source code to the Chrome binaries that they run. If you're focused on the development process, it might almost make sense to call Chrome "open source" because almost all of its source code is distributed, licensed, and developed in an open source manner -- but if you're focused on what users can do with the software, it's obviously just a proprietary application (with a proprietary EULA, to boot).
Of course, if you do that you may as well just not release the source code at all, because there's no way for the user to tell that the binary does actually correspond to the source without also being able to extract the encryption key and break the DRM.
Some people think that publishing source code is first and foremost a way to get other people to collaborate on its development, not to ensure any particular rights or knowledge or safety for people who end up using the software. For example, you could imagine a consortium of people who each make a super-proprietary locked-down thing and they publish and collaborate on the code of some libraries that their respective locked-down things need. They actively do want other locked-down thing makers to comment on how to make the code better and contribute patches, but they actively don't want customers to use that knowledge to make the thing less locked-down (or to be able to verify what it does or doesn't do).
This is a situation that we often encounter in the real world, and in fact some of the locked-down thing makers are even surprised when people say the contrast in their behavior with respect to these audiences is strange or hypocritical, because they didn't know or didn't remember that other people think software freedom is partly or mainly meant to benefit users.
"Open Source" definition does not include any clauses that require hardware manufacturers to provide you encryption and/or signing keys, so you could run your code. GPLv3 and "Free Software" are what you're looking for.
As I said in another comment, people who usually say "free software" are more likely to think that preventing restrictive downstream products is an important goal than people who usually say "open source". But that doesn't mean it's part of the definition of what it means to be free software.
EDIT: I also think the comment the parent replied to was right to say "then the whole is not open source". BusyBox is both free and open source even though its license allows it to be included in the locked-down TiVo -- but the TiVo as a whole is not open source.
So would you say that firefox is open source now? If they implement this as a plugin, what makes it technically different from using Flash?
That's why they have to obfuscate things at the code level too.
