Why do I get the feeling that even though it will be sandboxed, there will some sort of DRM API/standard that allows the website to play encyrpted audio/video directly through Intel's Protected Audio Video Path?
Yes, that's a very good worry - that content will be end-to-end encrypted between the provider and an approved monitor, and not even the compiled client-side code will see the cleartext content.
But if the compiled code doesn't see the cleartext content, there's no reason to obfuscate it; the provider can safely do the same thing in unobfuscated JS, by just making an XHR to retrieve the encrypted media and passing it to a <video intel-drm-crap="yes"> element.
Arguing that no such API should exist in the browser is going to be a way easier fight than arguing that no compiled code should exist in the browser. There are plenty of good use cases for compiled code, but this one API is only useful for DRM.
But if the compiled code doesn't see the cleartext content, there's no reason to obfuscate it; the provider can safely do the same thing in unobfuscated JS, by just making an XHR to retrieve the encrypted media and passing it to a <video intel-drm-crap="yes"> element.
Arguing that no such API should exist in the browser is going to be a way easier fight than arguing that no compiled code should exist in the browser. There are plenty of good use cases for compiled code, but this one API is only useful for DRM.