Hi Ivan. Yes, somebody needs to maintain the nodes. And it is the responsibility of the Foundation to ensure that the spread of nodes across jurisdictions, geographies and sectors is such that no accumulation of power in one area (be it geographical or sector etc) is possible. This contrasts with the governence-less Bitcoin/Ethereum model where there are no such controls, allowing a concentration of power where electricity and hardware is cheapest in Bitcoin's case.
So, how do you know to trust the Stewards who run the nodes? Firstly, they have to sign up to the Sovrin Trust Framework. Secondly, they are encouraged to perform correctly by the reputation disadvantages of not doing so. Thirdly, they are sponsored to become Stewards by those already part of the Sovrin Foundation, who also will not want to have their reputation dented by bringing on board a poor performer.
The Sovrin design enables Stewards and other organisations to publish reputation ratings. This is not implemented yet, but you can see where things are going if you look through the white papers on https://sovrin.org. This will let you look up the reputation rating of any Steward.
Regarding the attack surface, if you use the current centralised approach of identity, the attack surface is that organisation's large data silo which could contain millions of records, and which has an admin backdoor. As we've seen in recent weeks (Yahoo being a good example), centralised identity silos are vulnerable. In a Sovrin scenario, the attack surface is hugely reduced. None of the Stewards that run nodes are able to do anything with the data on those nodes, and your own private information is held off-ledger in a secure container, and anchored back to Sovrin. Therefore the attack surface is minimised to an individual's private key which is securing their data container. Sophisticated techniques for private key protection, rotation and recovery exist and are being enhanced.
Therefore, Sovrin provides the foundations for you to securely interact and share data with any other Sovrin participant. You can establish a trust level with that other participant as they can with you, and you can present them with verifiable identity claims which they can check for authenticity to trust you even further.
I hope that helps. Do check the white papers in the Sovrin.org library for further detailed reading.