Well, I'm not particularly familiar with DRM apart from not liking it. What exactly does flash do that makes the DRM-loving lawyers consider it acceptable? From my point of view the kind of control offered by HTTPS and normal browser authentication is enough but the MPAA and RIAA (or the BBC, for that matter) clearly don't agree.