While I do not know the actual means, I believe I can explain very loosely how it happens.
In very general terms, the battle.net servers communicate with the player's copy of the game. Anything that the servers' programs do cannot be messed with, as the server code is protected.
But for efficiency reasons, the server programs do not do everything.
If the server relies on the player's copy of the game to display the map, with the appropriate parts hidden, then a hacked copy of the player's copy of the game can instead show the complete map.
Likewise, if the server relies on the player's copy of the game to generate the random items that drop when a monster dies or a chest dies, then a hacked version would be able to make every item drop be a SoJ.
Since this doesn't exist (to my limited knowledge), I would guess that the server decides which items are dropped. BUT, it does seem like the server depends on the player's copy of the game to tell the server when items are needed for the drop.
So the drop hack versions of the game cheat by telling the server that lots of really high level items need to be dropped, and the server program does its job and generates random items.
From a pure security aspect, the game would run entirely on the network. That would be horribly slow. A slightly better compromise is to have all the "guts" of the game run on the server, and the player's computer only handles the graphics and sound.
Still, that puts a heavy demand on both the server, and on the connection between the server and the player. So, even with the emphasis on secure design that the Battle.net realms had in their design, compromises had to be made to improve multiplayer performance.
I think Blizzard did a good job overall. It took hackers years of determined work before they found enough of the loopholes to really "pollute" battle.net with hacks.
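
The trust boundary described in the post above, as an added example that is not part of the original post and is not Blizzard's code: a server that generates drops whenever the client says one is needed, next to a server that only drops loot for kills its own state confirms. All class names, method names and numeric values are hypothetical.

```python
# Added example; every class, method and value here is hypothetical.
import random


class TrustingServer:
    """Weak design: rolls loot whenever a client says a drop is needed."""

    def __init__(self, seed=0):
        self.rng = random.Random(seed)

    def request_drop(self, player, item_level, count):
        # item_level and count come straight from the client, unvalidated.
        return [self.rng.randint(1, item_level) for _ in range(count)]


class AuthoritativeServer:
    """Hardened design: the server owns monster state and decides drops."""

    DAMAGE = 10  # constructed value; damage is computed server-side

    def __init__(self, monsters, seed=0):
        # monsters: id -> {"level": int, "hp": int}, created by the server only.
        self.monsters = {mid: dict(m) for mid, m in monsters.items()}
        self.rng = random.Random(seed)
        self.rejected = []  # audit trail of claims the server state contradicts

    def attack(self, player, monster_id):
        mon = self.monsters.get(monster_id)
        if mon is None or mon["hp"] <= 0:
            # Unknown or already-dead monster: no drop, log it for detection.
            self.rejected.append((player, monster_id))
            return []
        mon["hp"] -= self.DAMAGE
        if mon["hp"] > 0:
            return []
        # Kill confirmed by server state: one drop, level taken from server data.
        return [self.rng.randint(1, mon["level"])]


if __name__ == "__main__":
    weak = TrustingServer()
    print("trusting server:", len(weak.request_drop("client", 99, 50)), "items")
    strong = AuthoritativeServer({"m1": {"level": 20, "hp": 20}})
    for _ in range(3):
        print("authoritative server:", strong.attack("client", "m1"))
    print("rejected claims:", strong.rejected)
```

The `rejected` list doubles as a detection signal: an unmodified client should rarely produce entries there, so repeated entries for one player are worth reviewing.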