My understanding is that there's some DRM stuff that can't really be implemented in open source stuff. Not sure how accurate that is, or which sites use it, but I guess it's a technical reason. Still very scummy and annoying how poorly they treat paying customers.
If it's open source it's under the user's control, so it's almost impossible for a company to guarantee DRM is actually implemented instead of the device just claiming to implement it, decrypting the stream and not actually implementing any restrictions.
The whole point of DRM is to take control away from the end user so their device does what a company wants instead of what the device's owner wants. If the user has control, you can't have DRM.