I think we need a governance model that is more decentralized. I would suggest approaching the issue from the perspective of a hacker that is trying to take over the network by themselves. How many accounts would they need to take over, and at what cost? This depends on the STEEM user base, how invested and active we are. If we can find the best mathematical approach based on some kind of adjusted mean buy-in level of the highest active user base then we can find the best approach to the governance model. For example, if the Dolphin buy-in level has the highest user base, then limiting witness votes to 10,000 STEEM per account in addition to a 1t1v or 4-votes-per-account rule would require a lot of accounts to take over the network, and combined with some type of reputation or time-limited voting system would be an improvement over the current DPOS model, which is not resistant to Sybil attacks.
Limiting witness votes to 10,000 Steem per account actually makes us more vulnerable to Sybil attack. Every account that has more than 10k loses their voting power, and someone attacking us obviously wouldn't have any accounts over 10k. It punishes accounts that follow the rules, and making thousands of bot accounts is a fairly trivial process for someone looking to attack us.
If we implement some kind of reputation system, it will almost certainly be gamed worse than the system we have now. I'd love to be proven wrong on that front... a better reputation system is exactly what we need. Unfortunately DPOS is the best reputation system we have at the moment.
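An added example, not from either poster, that puts numbers on the question the two replies disagree about: how many accounts and how many tokens an attacker needs to outweigh honest witness votes with and without a 10,000 STEEM per-account cap. The stake distribution and the per-account creation cost are constructed assumptions, not STEEM data.

```python
# Constructed sample of honest stake per account (STEEM). Not real chain data:
# four large holders, forty mid-sized accounts, four hundred small ones.
HONEST_STAKE = [500_000, 120_000, 60_000, 25_000] + [8_000] * 40 + [900] * 400
CAP = 10_000            # proposed per-account vote cap from the thread
ACCOUNT_COST = 3.0      # assumed cost (in STEEM) to create one account; hypothetical


def effective_weight(stake, cap=None):
    """Weight one account contributes to each witness it votes for.
    Whether an account casts 1 or 4 witness votes does not change this
    per-witness weight, so the votes-per-account rule is not modelled here."""
    return stake if cap is None else min(stake, cap)


def honest_weight(stakes, cap=None):
    """Total honest weight behind a witness every honest account votes for."""
    return sum(effective_weight(s, cap) for s in stakes)


def sybil_requirements(stakes, cap=None, account_cost=0.0):
    """Minimum accounts, tokens and total outlay for an attacker to strictly
    outweigh all honest voters on a single witness slot.
    Uncapped: one account holding honest_weight + 1 tokens is enough.
    Capped:   the attacker splits the same stake into cap-sized accounts."""
    needed = honest_weight(stakes, cap) + 1
    accounts = 1 if cap is None else -(-needed // cap)   # ceiling division
    return {
        "accounts": accounts,
        "tokens": needed,
        "total_cost": needed + accounts * account_cost,
    }


def compare(stakes, cap, account_cost):
    """Side-by-side view: the cap raises the account count an attacker needs
    but lowers the honest weight (capped large holders), so fewer tokens."""
    return {
        "uncapped": sybil_requirements(stakes, None, account_cost),
        "capped": sybil_requirements(stakes, cap, account_cost),
    }


if __name__ == "__main__":
    for name, req in compare(HONEST_STAKE, CAP, ACCOUNT_COST).items():
        print(f"{name:>8}: {req['accounts']:>4} accounts, "
              f"{req['tokens']:>10,} tokens, total {req['total_cost']:,.0f}")
```

With this constructed distribution the cap cuts the tokens an attacker needs from about 1.39M to about 720k while raising the account count from 1 to 73, which is the trade-off both replies are describing.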