Modern DRM schemes use one-time keys. E.g. you can pull down a video stream, but you have to respond with your session ID and a login token which they then verify against subscriber information.
And the whole point of DRM is to allow content providers to enforce the restrictions they place on content distribution contracts. For example, if there is a flag that says "this content can only be played on cell-phones and tablets" they want to ensure that any player that can play the content honors that restriction and doesn't allow output via HDMI.
Naturally some people will be able to defeat them, but they're not meant to be ironclad. They are effective for the majority of people out there who aren't hackers/nerds.
