SecuROM does not fingerprint the hardware. When an activation is performed, a unique ID is generated to identify the system being used for the activation process... The only data collected is the serial being used for activation, the IP address used for activation, an identifier for the software being activated, and the hash of the machine ID.
See? It doesn't fingerprint the hardware! It... fingerprints the hardware! And sends it out over the intertubes! For a company to catalog, profile, and exploit!
And it's not a rootkit, but it installs a Windows service to allow a non-administrative account to do things that would normally require administrative access, and it inserts Windows Registry keys with embedded nulls, making them undeletable without special tools! Just like a rootkit!