What he found is that the batteries are shipped from the factory in a state called "sealed mode" and that there's a four-byte password that's required to change that. By analyzing a couple of updates that Apple had sent to fix problems in the batteries in the past, Miller found that password and was able to put the battery into "unsealed mode."
From there, he could make a few small changes to the firmware, but not what he really wanted. So he poked around a bit more and found that a second password was required to move the battery into full access mode, which gave him the ability to make any changes he wished. That password is a default set at the factory and it's not changed on laptops before they're shipped. Once he had that, Miller found he could do a lot of interesting things with the battery.
"That lets you access it at the same level as the factory can," he said. "You can read all the firmware, make changes to the code, do whatever you want. And those code changes will survive a reinstall of the OS, so you could imagine writing malware that could hide on the chip on the battery. You'd need a vulnerability in the OS or something that the battery could then attack, though."
Making your batteries a different size and/or shape than others? Probably had a good reason for it.
Making a customized connector for your batteries? That's starting to get a little silly, but maybe it was to lower cost, or enable the flow of more watts between battery and computer.
Adding extra expense and extra complexity to both the battery and the driver software by putting not one but two layers of password lockout... on a damn battery??
That's not evil, monopolistic or specifically designed to avoid interoperability and guarantee your ability to price-gouge your customers, Apple. Nope. Not at all. Stay classy, you guys. And by all means, continue this kind of behavior. You're doing a stellar job of niche-marketing yourself right into oblivion.
The fact that such added complexity provides a potential opening for BIOS viruses that can't be detected by normal means and will survive an OS reinstall? That's just the icing on the cake. Memo to geniuses: Haven't you guys ever heard of a fuse? If you don't want customers (or viruses) casually messing with your battery's firmware, then you should have put a twenty cent chip fuse on your $100 battery, and blow it as the last step of the factory QC process. Then nobody can change your device's factory settings without at least having to take it apart.
(Yeah, I know: "So sorry - we can't hear you over the sound of our thousand-foot high piles of cash!" -Apple. Yeah, well, you guys be sure to let me know when you find your thousand-foot high pile of brains! What's that? You say you don't have one of those? Well then...)