I bet you that their smart contract, like most other significant ones, has been designed to be upgradable. That means the authors can modify the smart contract whenever they want, which means it implicitly has a centralised trust mechanism (I.e. you had better hope that the authors don’t go rogue and screw over the users) Central point of trust => blockchain part is now pointless, as ever.
Although the main achilles heel with Maker is the governance and the oracle. The new version of maker has minimised the governance, and the new oracle design has better protection against an oracle attack. Ideally, you want as little governance as possible.
This may have been true in the past, but not anymore. Here's [1] an example of a minor bug that was recently discovered in the MCD deployment and how they're going to patch it. The modules in the Maker system have variables that point to which smart contract to call to execute their actions, and the Maker governance is involved in changing these values.
Perhaps a naive question, but in that case, why bother with a blockchain?
If some entity holds the keys to control what code is run, why not let them run the code to begin with? This simplifies implementation significantly, and has obvious scaling benefits.
You can still operate this in a transparent way with multiple independent stakeholders that validates data. Many other systems work this way.
The Maker system was bootstrapped this way, but now with the release of MCD, the system will be modified so that the Maker corporation's key is revoked and changes to the system will only be able to be made through MKR token governance votes moving forward. [1] When people refer to the "Maker governance", they refer to those decisions that are voted on by holders of the MKR token. In practice in the short term, the Maker corp will still hold a voting majority of MKR, but it's a long term goal that eventually the Maker corporation won't have to exist and the system is totally maintained by the holders of MKR token.
The more important reason though for doing it on the blockchain is reducing technological centralization. Right now, as long as the Ethereum network exists, the Maker system will be on the blockchain and can't be shut down, even if the Maker corporation is dissolved.
US FinCEN has recently set their eyes on stablecoins, declaring that the entities that offer them will need to comply with KYC regulations. [2] By deploying the system on a public blockchain, it's arguable that the US govt will not be able to cease the distribution of Dai itself and will only be able to go after its holders.
