The modboards I've seen pictures of (have yet to get one since I also have a 20-pin system) have some combination of a PIC microcontroller and one or two SPLDs such as a PAL/GAL. PIC microcontrollers can be programmed so that their programs can't be dumped (there is always a way, but it could end up requiring chemical baths and an electron microscope from what I've heard). PAL/GAL devices can't really be protected, but that's because there's no way to read the device either; the best that can be hoped for to "dump" one AFAIK is to build a device to do a bruteforce analysis of it based on the gate layout... I don't think that this is impossible, but I wouldn't count on it producing results either.
If we're lucky, someone forgot to set the code protection bit burning the PIC on a run of boards, and someone is willing to risk their 20-pin modboard to dump it. Also, it might be possible to erase just the code protection bits on a windowed PIC (the kind that can be erased with UV light and reprogrammed), but I doubt that it's reasonably easy.
As for where the manufacturers learn how to do it, they probably design, make, and attach a "middleman" (possibly similar to the end product) that allows them to monitor the data moving between the CD reader and main board, and utilize that to figure out how to recognize and fake a read of the security ring. Either that or they get leaked tech docs or something

.