The first is down to developer mistakes: if the developers had followed Apple’s guidelines, this one wouldn’t have worked. With some applications you only need to copy the code signature and some other files from a free app and paste them into a paid app to make it run. If the developers had followed the guidelines, the app would check that the code signature ID matches the app’s bundle ID.
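The identifier comparison described above can also be run as a build-time audit. The sketch below is an added example, not code from the original post or from Apple. The bundle IDs, the `audit` helper, the pinned `expected_id` and the sample `codesign -dv` output are constructed for illustration.

```python
import plistlib
import re
import tempfile
from pathlib import Path

# Constructed sample in the format `codesign -dv <app>` prints; here the
# signature belongs to a different (free) app than the bundle it sits in.
COPIED_SIGNATURE = (
    "Executable=/Applications/Paid.app/Contents/MacOS/Paid\n"
    "Identifier=com.example.freeapp\n"
    "Format=app bundle with Mach-O thin (x86_64)\n"
)

def signing_identifier(codesign_output):
    """Pull the Identifier= field out of `codesign -dv` output."""
    match = re.search(r"^Identifier=(\S+)$", codesign_output, re.MULTILINE)
    return match.group(1) if match else None

def bundle_identifier(app_path):
    """Read CFBundleIdentifier from the bundle's Info.plist."""
    with open(Path(app_path) / "Contents" / "Info.plist", "rb") as fh:
        return plistlib.load(fh).get("CFBundleIdentifier")

def audit(app_path, codesign_output, expected_id):
    """Return a list of mismatches; an empty list means the IDs agree."""
    signed = signing_identifier(codesign_output)
    bundled = bundle_identifier(app_path)
    findings = []
    if signed is None:
        findings.append("no signing identifier found")
    elif signed != bundled:
        findings.append(f"signature ID {signed} != bundle ID {bundled}")
    if bundled != expected_id:  # expected_id is pinned by the developer
        findings.append(f"bundle ID {bundled} != expected {expected_id}")
    return findings

def demo():
    """Build a constructed Paid.app on disk and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        contents = Path(tmp) / "Paid.app" / "Contents"
        contents.mkdir(parents=True)
        with open(contents / "Info.plist", "wb") as fh:
            plistlib.dump({"CFBundleIdentifier": "com.example.paidapp"}, fh)
        return audit(contents.parent, COPIED_SIGNATURE, "com.example.paidapp")

if __name__ == "__main__":
    print(demo())
```

On a Mac, the second argument would come from running `codesign -dv` on the built app, which writes these fields to standard error.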
The second exploit is the removal of the DRM, similar to what happened on the iPhone App Store. It uses an application known as ‘Kickback’. The application is currently unavailable, but as soon as the Mac App Store becomes more populated I’m sure we will see it surface.