[gcp]

which is an active protection of the user against malware.

You should look at how Mozilla implemented EME then. The CDM is sandboxed, in a much stricter sandbox than the rest of the browser even. So no, the CDM potentially being dangerous (for privacy or security) isn't actually that much of an issue.

Of course, someone might at some point claim that the privacy features harm the copyrights protection, at which point choices will have to be made.

History provide ample evidence that Mozilla will make the choice their users ask for (which is, by the way, not necessarily the choice some users will voice the most loudly).