I assume at some point Widevine plugin decrypts these files to display the actual video stream in the browser, correct? Why don't they capture already decrypted stream?
You are technically correct. The stupid thing about DRM is that the player has to download the decryption keys into the RAM of the player. All these players do is try to obfuscate the keys so they can't be accessed very easily. When you see these proper rips out there they are being done by groups who extracted a decryption key from the player and used that to unencrypt the stream.
DRM is dumb. I used to work on DRM. It was dumb then, it's dumb now.
That's why they now embed displays with verification modules. Basically whole stack from server to your display is a giant chain verifying you are not doing what they don't want you to do.
Though often they get it wrong, like when I bought a movie off Apple and it errored when I screen mirrored to my dumb TV and it’s back to piracy first for me.
Your dumb TV doesn't have the appropriate HDCP chips, which is why it errored. Your computer didn't know whether it was a dumb TV or if it was an HDMI capture card ready to rip the movie...
These things are designed to hassle legitimate customers only. Pirates are never going to pay anyway. DRM is so they can squeeze more out of paying customers.
It depends. Today there are APIs which allow the actual decryption to be done directly on the GPU, while requesting the GPU to not allow the sharing/capturing of those decrypted images.