1) Mining pools : Bitcoin protocol security is based on the condition that no actor can get more than 50 % of computing power. The hashrate distribution shows that bitcoin is almost a centralized system were 2 or 3 actors, control more than the mythical 50%, this is quite bad for a wannabee "decentralized" currency.
Did I mention that the actors who rules the mining pools are in majority pseudonymous?
The existence of mining pools derives from the fact that only a block is only mined every around 10 minutes, so there is only one winning miner per 10 minutes (there are security problems to reducing this interval to under one minute), which means that miners lose most of the time, so it soons became interesting for miners to smooth their income revenue.
Mining pools are kind of electoral representatives, miners vote for them, but in the end mining pools can do whatever they want.
2) Mining hardware limits : Most bitcoins are mined using specialized hardware cards, which is currently mining at about 2Th/s.
This hardware market has its own flaws exacerbated by the low morality of most of its actors. Currently this hardware pre-manufacturing buy market is ruled by KNCMiner and Cointerra which both by the way have higher morality than others. This mean that if you want to participate in the Bitcoin decentralized regulation process, by voting with your computing power, you must pre-buy from one of this 2 company. Bitcoin is like a democracy where you have to buy your voting bulletins 3 months in advance with no guarantee that they are delivered before the elections if they are at all delivered.
But most importantly the 2Th/s bring us close to an electrical consumption of around 2500W. Which bring us very close to the limit of electricity consumption available to individuals in most european and american countries. This means that most individuals cannot mine (or won't soon be able to) anymore.
3) Centralized security review : Bitcoin protocol is not really a protocol implemented in software but a software defining a protocol. This software "bitcoind" which derive from original Nakamoto (is it him ?) code is a sort of spaghetti legacy code. Although there are some nice ideas in the code it's very far from being clean. But the problem, is with the reporting, if you find a security leak and want to help you either have to go public or exchange via PGP and convince a benevolent developer that there is a bug in the code he wrote that could result in serious financial loss for many low morality people.
By the way, although the cryptographic part of the code may be safe, I definitely believe the network part is not safe enough, but I guess I have higher standards (and higher revenue?) than the developer I reported it to.
The problem of "transaction malleability" that allowed the disappearance of Mt Gox, has been public since 2011, yet silently ignored by various actors.
Did I mention the funny 3-step 11 slides cavalry plan of Mt Gox to illustrate the morality level of various Bitcoin actors ?
But all this FUD should not make the bitcoiner in you afraid. There is money to be made, this is a bubble that won't pop out today, it will rise because all invested actors has an interest for it to rise. It's a pyramidal scheme that still has space to grow. Yet crypto-currencies are useful and have the potential to change positively the face of the world. We are not there yet, but by highlighting current fragility points, we are giving the opportunity to build a better one.
Le Vent se Lève, il faut tenter de vivre.