Read about this a while ago
Basically, the theory is each game disc is encrypted with it's own key, and a decryption key is stored on an erasable part of the disc. When the disc is put into the console, the console reads the key and stores it locally, destroys the copy on the disc (think of erase disc for CD-RW), then uses the local key to decrypt the disc to play it. On subsequent inserts of the disc, the console will find the local matching key for the disc and use it to decrypt the disc since there's no key on the disc any more. If the disc goes into another console, it can't be read since the key's gone - only the console that first took the key can read it.
Also, Sony aren't a company to take their word for - after all, they've distributed rootkits (malware, plus makes it easier for viruses to hide themselves) on "audio" CDs deliberately which install silently on user's PCs, then took their time firstly admitting it before admitting the huge security impact it imposes on people's PCs. They're still taking their sweet time undoing the mess they've made, trying to water it down so people forget how bad they really are.
PS3 will not be a console for me