I can only assume you're just posturing because the size and scope of Flash and the size of scope of Flash's security problems are _way_ beyond just a DRM blob.
[0] http://www.cvedetails.com/cve/CVE-2015-6639/ - Integrity Impact Complete (There is a total compromise of system integrity. There is a complete loss of system protection, resulting in the entire system being compromised.)
It is also worth noting that finding vulnerabilities may be a crime in many jurisdictions [1] (thanks to the DCMA), which would prevent researching coming forward.
Not sure about that, considering the Widevine's CVEs on Android have been quite bad with privelege escalation and sandbox escaping.
A bad video can still be enough to burn your system. That's a full security scope right there.