I think the vesting period is a brilliant idea to keep only interested investors.
However, I cannot see why you would like to ruin hopes of profit for everybody by using a lottery system. Building on people's irrationality rather than rationality is a terrible choice in my opinion. This will unnecessarily decrease the attractiveness of Bitshares for rational people who are not already convinced, and I don't think many people like to think of themselves as irrational. As you have written yourself in the OP, miners who use only commodity hardware already have an edge over mass miners since they do not have an investment to recover, so I don't know why you go to such lengths.
I agree that Bitshares distribution should not reward the richest, but I think the problem can only correct itself. If there is profit to be made by cloud mining, then people will invest more into VPS, eventually lowering the profits until no one can get a ROI on hiring a VPS (provided the difficulty adjusts fast enough). But then there will still be profit to be made by single PC miners, who do not need any ROI, and they will be able to push VPS users out of the game, as the number of flesh and bones investors grows and the power shifts from mass miners to single PC miners.
If you want to restrict mining to home computers, consider involving a GPU in the proof of work. I had an idea like this: keep sealing the blocks with a CPU-only PoW, but also require some GPU-only work in the body of the block. If you are willing to surrender a little bit of decentralization, you could even make the GPU work something scientifically useful, like in Curecoin: you could make the reward of the block proportional to the points earned in a distributed computing project like Folding@Home (with a cap and an adaptive exchange rate). Such scientific programs also run on CPU but much slower, so this penalizes cloud instances. ASICs are out of the question for such evolving applications. This leaves botnets: I don't think it would be very easy for a botnet operator to make a GPU scream without drawing some attention, but this is only supposition. The issue is that the point tally depends on a central authority. This could be alleviated by including other research programs. This also poses the question of how points are checked: each node of the network will need to check the points to validate the reward and the block, which will cause massive traffic on the websites of the scientific projects, and will look like a DDoS.
About decentralization, I think a giant, built-in P2Pool system could be the way to go. I am not too sure how it scales though. Pool difficulty must be high enough to avoid network spam, which means it would still be kind of a lottery system, but with lower variance. As far as I am concerned, if I am sure to get a reward at least once every 1-3 months, it could be acceptable.