I've dug into this a bit more, and it seems I got some wires crossed somewhere.

Widevine L1 (the highest level of protection) is still expecting a "trusted execution environment" that is separate from the GPU. This leaves two major paths for exploitation: against the TEE itself, and against the path between the TEE and the GPU. There seem to be published exploits for the former, at least.

Also, Widevine L1 is only really used for "high-value" content, so it's often possible to obtain relatively high-quality streams at lower protection levels, which I'd assume are even easier to break.

Not to put too fine of a point on it, but the crytography behind DRM seems consistently amateurish. They ought to be doing what I said, but maybe for compatibility reasons they can't. I think the gist of what I said remains, though: online streaming is superior to physical media from a DRM perspective because it can use online verfication natively. A physical disk cannot change after it is stamped, but a streaming service can implement tighter rules over time, even for its back catalogue.