Not only that there are plenty of PDF password strippers out there that if you have a quad or better (and considering you can get AMD quads for like $70 its kinda nuts not to have at least a quad) can go through entire rainbow tables in no time at all, just set it to use dual cores and you can keep doing other stuff while it runs in the background.
I'd say the best bet is the watermarks but they'll have to be well hidden as its too easy to strip a watermark out if its obvious, maybe have an obvious personalization watermark and a second hidden one with a code that can be traced back to the purchaser, that way you go after the source without punishing your readers.
And I'd like to say how proud I am of this community right now, here is a legitimate small business trying to stay alive and instead of the usual "Just accept getting ripped off, information wants to be free!" bullshit instead there is actual discussion on how best to protect his content while still giving the customers a good experience. If everyone would work together and find compromises like this maybe we could actually show its possible to sell digitally without nasty DRM schemas like SecuROM, we've had Steam show us the way for games but there is still a lot of work that needs doing for e-books and other works and its just nice to see it being discussed like rational adults instead of breaking down into dogmas and bullshit.