Re. inspecting memory: Back in the day, that was indeed how it was done. It's often a bit more involved than that due to anti-debugging tricks or run-time encryption (on top of the inevitable obfuscation) of the DRM program code and data. If I remember correctly that was how the DeCSS key was leaked from the software-based DVD player programs of the time.
The CDM providers might take this road, which is well-known to be somewhat secure in that it buys time (it takes a skilled reverse engineer a while to figure out the decryption, then you change it in the next version and make them start over again) and isn't too controversial.
Or they might go for a hardware solution in which part of the decryption code is uploaded into some 'secure enclave' in your CPU that cannot be inspected from within the same computer itself. I think we have gotten a preview of this type of scheme with e.g. Apple's iPhone and Intel's 'Management Engine' which has been in the news recently, although I don't think the current implementations of either make much provision for multimedia decryption / playback.
So I think the plain answer to your question is:
The current crop of CDMs are probably as secure as a typical software DVD or blu-ray player: Good against most casual opponents, still vulnerable to skilled reverse engineers who care to put in the requisite time and effort.
Future CDMs have the potential to be highly secure, assuming hardware support becomes widespread, making illicit decryption of multimedia as difficult as e.g. jail-breaking an iPhone or cracking the copy protection on a modern gaming console: There is at any given time probably only a handful of people in the world with the skill, time and motivation to crack such hard schemes (reverse engineers and hackers almost always 'age out' - it's a young man's game).
