EME isn't a DRM standard. It's an API for passing over the keys to a DRM system. So no, it doesn't make things any easier than the object tag ever did.
The DRM module doesn't necessarily pass the content back to the browser if it's an OS component (which it often is) - there may be a secure video path. Heck, in the case of Netflix's 4K service, it appears the OS itself doesn't even see the content, it's entirely kept within the GPU in a secure area.
If the DRM system does pass back the content to the browser then you could stream rip it from the video path, but 'twas ever thus. And it's worth noting in those scenarios content providers only seem to allow non-full HD content to be shown.
There's nothing in the EME specification that defines how a DRM CDM module works, so there's nothing to help compromise one in the specification, and generally speaking for the last few years DRM systems have actually got pretty good at protecting their keys to prevent impersonation.
