How does BitLocker + TPM prevent me seeing the HDD contents with another OS?

Nothing is stopping this. What the TPM is doing is checking the integrity of various boot-time components and only unsealing an internal password if these components have not been tampered with. It can additionally be configured to require a PIN code, but that is not strictly necessary. The reason the drive does not automatically decrypt on a Linux system is simply that Windows is communicating with the TPM, asking it to attest the state of the system.

The key is kept sealed inside the TPM itself. The purpose is not to prevent you from decrypting the disk if you have both the computer and the drive, but to make it impossible to decrypt the disk if you have only the storage drive but not the computer itself. If you have physical access to the entire device, including both the drive and the TPM, you will be able to decrypt the drive.


I think a lot of the comments miss a key point. If you are using Windows 10 with Secure Boot and password-protected firmware, then you cannot simply boot into Linux and see the disk. The TPM will not release the decryption keys to a changed OS. I'd suggest having a read through this post: Can a physical attacker compromise a Windows machine with UEFI, secure boot and bitlocker? as there is some good information there.
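Both answers rest on the same mechanism: the TPM extends measurements of the boot chain into PCRs, BitLocker seals the volume master key (VMK) to the expected PCR values, and the TPM only unseals it when the same chain is measured again. The following Python is an added simulation of that logic, written for this page; it is not BitLocker's or the TPM's own code. A real TPM does this in hardware (PCR extend, a PCR policy, and encryption under a storage root key that never leaves the chip); here the chip is a class, the "encryption" is an HMAC keystream, and the PCR indices, firmware and bootloader measurements, and the PIN value are all constructed for illustration. BitLocker's actual PCR selection depends on platform and configuration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional

# Constructed simulation of TPM sealing against PCR values (not real TPM code).
PCR_COUNT = 24
H = hashlib.sha256
WIN_PCRS = (0, 4, 7)  # assumed PCR selection for this example; real selection varies


def pcr_extend(current: bytes, measurement: bytes) -> bytes:
    """TPM extend: new = H(old || H(measurement)); one-way and order-dependent."""
    return H(current + H(measurement).digest()).digest()


def policy_pcr_digest(selection: tuple, pcrs: list) -> bytes:
    """Digest binding a policy to the chosen PCRs (same shape as a TPM PCR policy)."""
    h = H(b"PolicyPCR")
    for idx in sorted(selection):
        h.update(bytes([idx]) + pcrs[idx])
    return h.digest()


@dataclass(frozen=True)
class SealedBlob:
    """What leaves the chip: no plaintext key, no storage root key, only ciphertext."""
    selection: tuple
    policy_digest: bytes
    auth_digest: Optional[bytes]  # H(PIN) when a PIN protector is configured
    ciphertext: bytes
    tag: bytes


class SimTPM:
    def __init__(self) -> None:
        self._srk = os.urandom(32)  # storage root key secret: never leaves the chip
        self.reset()

    def reset(self) -> None:
        """Power cycle: every PCR goes back to zero."""
        self.pcrs = [bytes(32)] * PCR_COUNT

    def extend(self, idx: int, measurement: bytes) -> None:
        self.pcrs[idx] = pcr_extend(self.pcrs[idx], measurement)

    def _keystream(self, policy: bytes, auth: bytes, n: int) -> bytes:
        out = b""
        for ctr in range(-(-n // 32)):  # HMAC in counter mode (stand-in for AES)
            out += hmac.new(self._srk, b"seal" + policy + auth + bytes([ctr]), H).digest()
        return out[:n]

    def seal(self, secret: bytes, selection: tuple, pin: Optional[bytes] = None) -> SealedBlob:
        policy = policy_pcr_digest(selection, self.pcrs)
        auth = H(pin).digest() if pin is not None else b""
        ks = self._keystream(policy, auth, len(secret))
        ct = bytes(a ^ b for a, b in zip(secret, ks))
        tag = hmac.new(self._srk, b"tag" + policy + auth + ct, H).digest()
        return SealedBlob(selection, policy, auth or None, ct, tag)

    def unseal(self, blob: SealedBlob, pin: Optional[bytes] = None) -> bytes:
        # 1. PCR policy: the chain measured since reset must match what was sealed.
        if policy_pcr_digest(blob.selection, self.pcrs) != blob.policy_digest:
            raise PermissionError("PCR policy check failed: boot components changed")
        # 2. Optional PIN (TPM+PIN protector).
        auth = H(pin).digest() if pin is not None else b""
        if not hmac.compare_digest(blob.auth_digest or b"", auth):
            raise PermissionError("auth check failed: wrong or missing PIN")
        # 3. Bound to this chip's root key: a blob from another TPM fails here.
        tag = hmac.new(self._srk, b"tag" + blob.policy_digest + auth + blob.ciphertext, H).digest()
        if not hmac.compare_digest(tag, blob.tag):
            raise PermissionError("blob was not sealed by this TPM")
        ks = self._keystream(blob.policy_digest, auth, len(blob.ciphertext))
        return bytes(a ^ b for a, b in zip(blob.ciphertext, ks))


def measured_boot(tpm: SimTPM, firmware: bytes, bootloader: bytes, secure_boot: bool) -> None:
    """Constructed boot chain: each stage is measured into a PCR before it runs."""
    tpm.reset()
    tpm.extend(0, firmware)                                          # platform firmware
    tpm.extend(4, bootloader)                                        # boot manager / loader
    tpm.extend(7, b"SecureBoot=" + (b"on" if secure_boot else b"off"))  # Secure Boot state


def run_scenarios() -> dict:
    """Which boot scenarios get the VMK back? Measurements below are made up."""
    fw, win, linux = b"OEM UEFI 1.23", b"bootmgfw.efi (MS-signed)", b"shimx64.efi + grubx64.efi"
    tpm, vmk, pin = SimTPM(), os.urandom(32), b"483920"
    measured_boot(tpm, fw, win, True)
    blob = tpm.seal(vmk, WIN_PCRS)            # TPM-only protector
    blob_pin = tpm.seal(vmk, WIN_PCRS, pin)   # TPM+PIN protector

    def attempt(chip, b, p=None):
        try:
            return chip.unseal(b, p) == vmk
        except PermissionError:
            return False

    results = {}
    measured_boot(tpm, fw, win, True)
    results["same_machine_windows"] = attempt(tpm, blob)
    measured_boot(tpm, fw, linux, True)
    results["same_machine_linux_usb"] = attempt(tpm, blob)
    measured_boot(tpm, fw, win, False)
    results["same_machine_secure_boot_off"] = attempt(tpm, blob)
    other = SimTPM()                           # drive moved to another computer
    measured_boot(other, fw, win, True)
    results["drive_in_other_machine"] = attempt(other, blob)
    measured_boot(tpm, fw, win, True)
    results["pin_protector_no_pin"] = attempt(tpm, blob_pin)
    results["pin_protector_correct_pin"] = attempt(tpm, blob_pin, pin)
    return results


if __name__ == "__main__":
    for scenario, ok in run_scenarios().items():
        print(f"{scenario:30s} VMK released: {ok}")
```

Running it shows the point of both answers in one table: the only scenario that releases the key is the original machine booting the original chain (with the PIN, where one is configured). Booting Linux from USB changes PCR 4, turning Secure Boot off changes PCR 7, and carrying the drive to another PC means the blob was sealed under a root key the new chip does not have. None of this stops someone who has the whole device and lets Windows boot normally, which is why the first answer says a PIN is the extra factor.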

Tags: Bitlocker, Tpm