According to the blogosphere, one of the reasons why Fox went with Blu-ray was an additional layer of security known as BD+. Compared with AACS (which has been adopted by both Blu-ray and HD-DVD camps), BD+ provides superior flexibility in responding to successful attacks.
BD+ is derived from Self Protecting Digital Content (SPDC) developed by Paul Kocher and others at Cryptography Research. For those interested in details, Independent Security Evaluators published a technical comparison of AACS and SPDC.
BD+ is essentially programmable security. Each Blu-ray device provides the ability to run a virtual machine (VM) that is programmed by Content Code distributed on each optical disc. The Content Code may be title-specific. When executed, the Content Code evaluates the security environment of the player and, if no compromises are detected, authorizes playback of the media content on the Blu-ray disc.
After AACS decrypts the media content, BD+ applies a second decryption process, the Media Transform. Only after both AACS and BD+ decryption is the media viewable.
Not only is the player programmed by the information on the Blu-ray disc, but the VM and Content Code can apparently provide updates to player firmware in the event the firmware has been compromised.
No copy protection / DRM system is foolproof. All will eventually be hacked. The advantage of BD+, and thus of Blu-ray, is that the ability to recover from and prevent subsequent similar attacks is greatly enhanced compared with the DOA Content Scramble System (CSS) and AACS.