Limiting witness votes to 10,000 Steem per account actually makes us more vulnerable to a Sybil attack. Every account that has more than 10k loses its voting power, and someone attacking us obviously wouldn't have any accounts over 10k. It punishes accounts that follow the rules, and making thousands of bot accounts is a fairly trivial process for someone looking to attack us.
If we implement some kind of reputation system, it will almost certainly be gamed worse than the system we have now. I'd love to be proven wrong on that front... a better reputation system is exactly what we need. Unfortunately DPOS is the best reputation system we have at the moment.
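The point about a per-account cap worked through in numbers, as an added example that is not part of the original post: the honest balances and the attacker's stake below are constructed, and the cap and split rule are a simplified model of what the comment describes.

```python
from math import ceil

# Constructed example: a few honest accounts of varying size and one attacker
# who controls a total stake and is free to spread it over fresh accounts.
HONEST_BALANCES = [100_000, 50_000, 20_000, 5_000, 1_000]  # Steem, constructed
ATTACKER_STAKE = 30_000                                   # Steem, constructed
CAP = 10_000                                              # per-account vote cap


def capped_weight(balance, cap=None):
    """Voting weight of one account: full balance, or clipped to the cap."""
    return balance if cap is None else min(balance, cap)


def split_stake(total, cap):
    """Spread a stake over the fewest accounts that each stay at or under the cap.
    This is the trivial countermeasure a Sybil attacker has against a cap."""
    full, remainder = divmod(total, cap)
    return [cap] * full + ([remainder] if remainder else [])


def attacker_share(honest_balances, attacker_stake, cap=None):
    """Fraction of total witness-vote weight the attacker controls.

    Honest holders keep one account each (they follow the rules and lose
    everything above the cap); the attacker splits into cap-sized accounts."""
    attacker_accounts = [attacker_stake] if cap is None else split_stake(attacker_stake, cap)
    honest = sum(capped_weight(b, cap) for b in honest_balances)
    attacker = sum(capped_weight(b, cap) for b in attacker_accounts)
    return attacker / (honest + attacker)


if __name__ == "__main__":
    uncapped = attacker_share(HONEST_BALANCES, ATTACKER_STAKE)
    capped = attacker_share(HONEST_BALANCES, ATTACKER_STAKE, CAP)
    print(f"attacker share without cap: {uncapped:.1%}")   # ~14.6%
    print(f"attacker share with {CAP} cap: {capped:.1%}")  # ~45.5%
    print(f"accounts needed: {ceil(ATTACKER_STAKE / CAP)}")
```

With the constructed numbers, the cap raises the attacker's share from roughly 15% to roughly 45% while costing them only two extra accounts.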