That's not necessarily so. You can do DRM on mobile devices pretty easily without needing to be totally closed. You can do that by implementing the locking code into the app vs into the downloader.

Look at how JoikuSpot and Sygic did their distribution without OVI. You got a deb, and that deb was totally in the open. To unlock the program you needed a key, which it based on an input string from the device (probably a hash of your user ID and your IMEI). The same applies for SSL: The implementation is opensource, yet the encryption capabilities of it stand and work well.

You can do DRM with opensource, it just takes some thinking and planning on how to do it properly. The question is, will they take the proper route and do it right in an opensource way, or take the easy route of security through obscurity, which in the end is usually not as secure long term.