Any network engineer with even an ounce of sense would design such a system with encryption in the set-top boxes and a security server in the back-office.
But they're not designed that way. The network involves no encryption whatsoever, and the TV programming is not scrambled in any way. All of the security exists in the set-top box, and nowhere else.
Which means that any person that brings his own TV tuner (like a USB-based tuner attached to a laptop computer) can tune in on all of the TV programs, including the ones you're supposed to pay extra for. And with a little more work, you can access all of the administrative screens, allowing you to view the accounts for everybody in the hotel, set wakeup calls for anybody in the hotel, and even alter some billing records (like movie purchases and minibar usage.)
In the future, when hotels start adding cameras to the TVs (presumably for allowing video-chat features), you'll be able to tap into that as well if they don't wise up and implement a more effective security model.