The only way to protect code running or content playing on an open system is security by obscurity. As a developer, choose your trade-off on the scale between inconvenient-but-quite-secure and simple-but-easy-to-copy and go with it. Any protection will be broken in time. Adjust based on customer feedback and the amount of cracking going on, but that's pretty much all you can do from a technical perspective.
NB: at a low enough level, all systems in the hands of the attacker are open. Hardware DRM is vulnerable to attack by equipment for scraping layers of atoms from the silicon and inspecting it with an electron microscope.
Not all systems, not if you're doing server authentication (itunes account?) / code download every time the app starts (e.g. webapps).
That's why DRM is broken by design.
All it takes is one skilled individual to develop an easy-to-use method for cracking the thing, start a torrent and that's it, millions of people have access to it instantly.
Surely, if the system is server side, then it's not in the hands of the attacker? For webapps, etc. it's not the client side code that's protected, but the server code and data.
