Subnets now have a fixed list of nodes and thus providers. Nodes in a subnet can be replaced with a proposal but a dApp cannot be moved from one subnet from another. This is something that DFINITY just started to look into from the technical side, although this was seen as a major effort earlier.
I presume that once canister migration is implemented, it will effectively be possible for canister (dApp) owners to migrate canisters to the subnets they deem secure or otherwise suitable.
However, it will still not be possible to pick a set of nodes/providers that your canister (dApp) would run on. The set of nodes is fixed for the subnet based on the registry configuration. It can be changed with a proposal, but then it’s fixed again until the next change.
IMHO this would be a good idea. However, it’s not a full protection. One could stake $100k and be ready to lose them if they would make $10M. We could maybe say to be on subnet X that holds TVL value of $100M, you need to stake at least 1% (or something) of the subnet TVL. But even then, not many NPs would be willing or able to be in such subnets since they wouldn’t be willing to make such a large investment/staking. So decentralization on such “critical” subnets would be at risk.
These are not easy problems to tackle, and we certainly need to discuss them in depth before making decisions. If you have concrete suggestions, please feel free to create a (new) forum thread (one thread per idea), so that we can have a focused discussion.