[ASutton]

It has to be down to your personal preference.

My company runs AndAppStore and, although we don't force anyone to integrate our purchase checking system into their paid apps, I know we'd still appreciate a heads up from anyone who thinks they've found an exploit for it (not necessarily giving a full fix, but a heads up to how the exploit would work so we can look at addressing it if it worked).

In your shoes I'd ask for the DRM requirement to be dropped. You know it's not secure, they've shown they're not paying full attention to the DRM solution, and so even if you spent your time coming up with a totally secure solution there's no guarantee that they wouldn't modify it at some point and inadvertently weaken the protection it offers.

One thing to remember though is that if your app is available through multiple channels you may end up with lower sales across the board if the problem isn't addressed. The reason for this is if pirates get a way to create a DRM free version of your app then it doesn't matter how secure all your other distribution channels are, the pirates have an easy route to create a cracked version of your app they can redistribute.