As DRM goes, this is fairly weak sauce(the whole point of magic HTML5 DRM is to move all the interesting bits back out of the browser and back into the not-a-plugin-because-we-call-it-a-CDM-plugin); but it seems like a Very, Very, bad thing that any cute javascript provided by a (potentially untrusted, and probably deserves not to be) web page could modify the browser behavior to that degree. Makes you wonder what other neat little quirks you can twiddle from the inside(even if you can’t actually execute much, UI modification = trivial tricking of the user into doing something they really shouldn’t.)
The HTML5/DRM nonsense is a total disaster as well, don’t get me wrong; but it’s a disaster that’s designed to smuggle the darkest days of platform-specific browser plugins back in, now blessed as Shiny and Standard! With an even remotely competent implementation of the EME, the dev console won’t tell you a thing, other than that a CDM is sitting in the middle of the page doing something unknowable.
