I think you should separate out implementation from design.
-
There’s nothing to prevent POS nodes to be run in-premise/dedicated. The economics of ETH validators nodes just make economical sense to run in cloud.
-
The ease of attack is not a clear differentiating factor. You could spend 350 billion USD on BTC as well. You could control the NNS in theory through the same logic.
-
Again some POS implementations do require stringent responses in specific time frame. So if your node is not upto stuff, you would get slashed if you couldn’t produce a response in time.
HTH