But in my reading still requires the distributor to puts generous constraints on the use of the signing authenticator output if they retain the right to distribute.
A signature key is not a authorization key. The key is not needed to use the program.
2nd you don't need a *special* password to unpack/read/copy the source code. The SSL layer is transparent and accessible to anyone.
replace SSL (+HTTP) with S/MIME (+SMTP) and a per-recipient encryption with a key generated by the distributor, which key contains copyrighted data and trademarks in the accompanying signed-key certificate.
You don't need a special password to use/copy/modify/distribute the program once it is unpacked.
Cheers.