It could be controlled by a third party that isn't trying to dominate the browser market. And Google already caused issues years ago when it side loaded that plugin on open source distros and initially refused to provide an option to disable this behavior in chromium.
Secure DRM requires that your device have keys that are burned-in that you can't access. It's impossible to have an open implementation of a non-broken DRM system.