I thought the same thing. How white hat do you have to be to consider ineffective DRM a vulnerability?