The witness-list can be pulled from any hub, its a centralization/convenience exactly if you as user dont want to care but trust a hub-owner to keep up to date and do the choices for you. If you do want power and control you still have it though.
What if a malicious hub owner pushes its own list of Witnesses ? Isn't it a security threat ?
Still not clear to me the "witness mecanism" of the network. Maybe I have to go seriously to the white paper... (RTFM)