For what it’s worth, from the client side, the medium term plan is to remove the concept of RPC nodes (they would simply be full nodes instead) and to make the handling of bootnodes automatic.
See:
- GitHub - smol-dot/smoldot: Lightweight client for Substrate-based chains, such as Polkadot and Kusama. (light clients remove the need for RPC nodes)
- https://github.com/paritytech/substrate/pull/12529 (makes it possible for all full nodes to be reachable by light clients)
- Allow resolving bootnodes through WebTorrent or IPFS · Issue #324 · smol-dot/smoldot · GitHub (for automatic relay chain bootnodes, unfortunately blocked on third parties)
- https://github.com/polkadot-fellows/RFCs/pull/8 (for automatic parachain bootnodes)
This removes a lot of overall maintenance overhead (such as managing domain names and load balancers) and completely removes the possibility of attacks (apart from of course (D)DoS attacks).
Should there be ever a malicious actor or issues with a service the member can be easily removed.
This is unfortunately not a good solution, because 1) you must somehow be made aware of the fact the actor was malicious or has an issue, which is more easily said than done 2) you’re removing the malicious actor after the fact.
If an RPC provider is malicious and is technically competent, you simply won’t be able to detect it.