Looking at the code http://www.bbc.co.uk/iplayer/page/script/1.7/iplayer_info.js
This seems to do the security (A new version was uploaded this morning according to the modified headers)
http requests are pretty simple things and send very limited information. If its securing on something sent over a http get request it will only take someone with an iphone and a bit of knowledge to look at what is being sent and replicating it.
By the evenings out it will be bust wide open agian?