Oh, sure, it's not complex. I wish they'd just use one serial and not have gone to the bother of making a keygen, so that they don't hurt other customers, but they don't really care about what I (or other customers) want anyway.
It does suck that pirates can actually hurt other customers by registering their ill-gotten key on steam, but that's the only harm that is done: inability to register a non-steam-bought copy on steam. If they really wanted it on steam they could buy it there and have zero chance of not being able to use the full steam features. And even if they do find that their key has already been registered, steam has proven willing to fix it (by unregistering it for the other person) upon being shown proof-of-purchase, though sometimes mixed signals are sent.
Anyway, there are two very key distinctions of that (real) harm that the present system allows to happen to the customers:
1) The harm does not impact at all the use of the actual product that was purchased:
- the game itself is not impacted at all
- the services of the distributor it was bought from are not impacted at all (if you bought it direct from us and then can't register it on steam that's a different thing: you didn't pay for steam's services, their willingness to register it as if you had is basically just a courtesy to us and to you)
2) The system isn't doing the harm itself. Pirates are doing the harm, not the software itself.
Every DRM scheme I'm aware of can harm your ability to play or enjoy the actual product you purchased, and that harm is done by the system itself, regardless of what other people do.
So yes: our approach has negatives, but again, I find the net gain to be superior to either no-protection-at-all (just removing the serial requirement altogether) or anything more proactive. No solution to this problem is going to be without-negatives (grammar teachers are probably on their way to kill me now).