It really comes down to numbers vs risk.
The solution is to use DRM to protect the content. Pretty easy on a Phone/Tab due to its beefier processor, but not so much on a CCast other than using the built-in DRM, which could be vulnerable if someone with root access messed with it. On a phone you could create your own DRM system inside the app and even run a root check to deny the app from running, which many have chosen to do. In essence that is precisely what Netflix does! And it should be noted that Netflix runs differently on CCast than all the other Receiver apps we see.
While they would probably be more comfortable not supporting Android due to its rootable nature, when 85% of your target audience is running it, it's a little difficult to ignore. Not so much the case with CCast at this point, and without their support it never will capture a majority of the audience.
Truth is the major holdup to content support seems to be the duality required to make CCast work. Not only do you have to code a receiver app for the CCast but you have to build the control and Dial functions into the Mobile app as well to send content to it.
Most media companies aren't savvy enough to wrap their heads around that, which makes CCast support almost an afterthought.
But back to your question... Yes, they are plenty concerned with root on phones and tabs, but to deny them means cutting off the lion's share of your target audience. Not the case with CCast at this point, and since content is all it does, they have some leverage to ignore it if they want until they are sure it is piracy proof.