The trouble is that decentralization is a direction, not a destination. At what point is a thing "decentralized"? Steem is far more decentralized than Bitcoin, as Steem entrusts 19 regular witnesses, one random witness, and one miner witness, with block production whereas Bitcoin entrusts just a few Chinese mining orgs with block production. Interestingly, this combats the idea that "Centralized is faster, so we do that just a little bit" since Bitcoin is both far more centralized and also far slower than Steem.
An attack on the network would require many of the 19 regular witnesses to collude. These witnesses are well compensated, and collusion would jeopardize that revenue stream, which is one incentive to behave. Also, those 19 spots are highly coveted, and those prospective witnesses who are just outside the 19 elected witnesses have a strong incentive to monitor the 19 for misbehavior. Finally, witnesses are rather limited in what they can do even if they do collude. They can't print new Steem, they can't change history (the network will reject a rewrite of history of more than a few minutes without manual intervention)... They can censor posts or transfers (but they'll be quickly caught and replaced, as they can't do this covertly), and they can denial of service the chain by simply refusing to produce blocks (but again, they'll be quickly replaced). So there's little incentive for mischief anyways.
For these reasons, it's considered unlikely that witnesses will collude, and even if they do, it's highly unlikely they'll be able to do anything significant without being quickly caught and replaced.