That is the crux of your argument and it is so simply not true on many levels.

It is the P2P node network which validates and protects the integrity of the network, not miners. The miners only determine _ordering_ of transactions on the blockchain. That is how the system works.

A mining cartel can not change the terms of service, even if they have 51% or 90% of hash power. If they change the terms of service the blocks they produce would be considered invalid and rejected by the P2P network. Maybe network confirmation times would run a little slower until the next difficulty adjustment, but that would be the only impact.

About the only thing a mining cartel could do is refuse to _confirm_ certain transactions (such as black listed addresses). But unless the cartel has 100% of has power, which is impossible, these transactions would simply wait for an honest miner's block. And even this has simple solutions which Gavin and others have proposed and have ready if needed (such as including the economic value of a block's transactions in addition to difficulty, this would lower the height/priority of chains that do not include all the transactions that honest miners are including).

On top of this the miner centralization issue is not a long term problem anyway. The system will naturally decentralize over time. With the introduction of ASICS it was difficult to obtain hardware and professional setups had an advantage in procurement only. However centralized mining installations in datacenters naturally are at a cost disadvantage vs. home style setups which have free space and cooling. As the ASIC market matures I think we'll seem a shift back towards more decentralized mining anyway. Computing used to be the same way, at first we only had large centralized mainframes, today your average US home probably has 30+ processors in their house without even realizing it.

The only part that will remain centralized are pools, here the market tends to settle on 2-5 main pools historically. But pools are not a threat in regards to centralization, if any decided to cause issues the vast majority of their users would simply switch to a different pool. Attacks by pools are only effective at destroying the business model of the pool itself.