This has been discussed many times. Here is how it works:
1. Not all paid apps are protected. ADP firmware can only see NON-protected paid apps. This is because 'copy protection' is simply a folder that a normal user does not have permissions to enter. Thus, since all ADP1.1 phones have root, they can easily enter and copy the apps to simcard. Basically, they screwed that up pretty well, and really did not think it through all too well.
2. ADP users do not yet have an official ADP1.1 firmware update anyways, so they can not see paid apps anyways on the current image (old market)
3. Google is not blocking rooted phones (as rooted RC33 users can see all apps), they are only blocking the ADP1.1 users (IE ADP1.1 Holiday, which was meant as an update for internal google employees with the phone, not devs).
So there it is, not hard AT all. It does suck though, and if you really think about it, google is basically calling all of its employees thieves
I do think that this is probably the reason why there is no 'official' ADP1.1 dev phone images yet, even with the 1.1 SDK out. Google basically noted that their 'copy protection' is BS, and trying to fix that before the ADP1.1 official images are released, thus allowing devs access to all paid apps.