They do. The BBC use it for the web-based version of the iPlayer, for example. (which only works on iOS devices and various set-top boxes and web-connected TVs - try it in the iOS Simulator or any other desktop browser with a spoofed user agent and it'll fail)
Basically, the (HTTPS) server can require the client to provide a special Apple-signed client certificate, which the server then verifies. If verification fails, it closes the connection. If it succeeds, the video is transmitted encrypted (SSL) and plays back just like any other <video> tag.
There's also a variant that lets you statically encrypt the video and serve it via Apple's "HTTP Live Streaming" protocol, with the keys for decryption downloaded via the client-certificate-authenticated SSL connection described above. This lets you avoid the overhead of SSL for gigs and gigs of data, as you only have to encrypt the files once, offline.
Basically, the (HTTPS) server can require the client to provide a special Apple-signed client certificate, which the server then verifies. If verification fails, it closes the connection. If it succeeds, the video is transmitted encrypted (SSL) and plays back just like any other <video> tag.
There's also a variant that lets you statically encrypt the video and serve it via Apple's "HTTP Live Streaming" protocol, with the keys for decryption downloaded via the client-certificate-authenticated SSL connection described above. This lets you avoid the overhead of SSL for gigs and gigs of data, as you only have to encrypt the files once, offline.