Just because something is open source, doesn't mean the keys cannot be kept secret. There are a variety of ways to make things work. Using checksum and watermarked signatures for authentication of the app that passes the key, using an authentication server, multiple keys used in a non preset order, etc.
Security through obscurity is not security at all. Obfuscation only slows down attempts to figure out things, but people will eventually figure out how it works. It would have the same issues as DRM of any sort, open source or not. I mean, look at SecuROM, Mobi DRM, ADEPT, Fairplay, etc. All of them have been broken. You can't really crack them, but they can be stripped on an authenticated system. This is just an issue with DRM itself.