The system only distributes requested objects. If no one requests spam objects, they won't be replicated or distributed, thereby not wasting resources (in theory).
Git's not that decentralized, though. You've got centralization at a technical level (everybody contacts the same server to push code) and at an organizational level (if you want to add code you need to be the repository owner or someone authorized by them).
That brings up an important point, though: you can make your system partially decentralized, and gain many of the benefits of a totally centralized system with a fraction of the complexity.
What if it was a decentralized system with authentication? Could a community of users host content internally, and add a users public-key (of sorts) to some global "allow" list?
There is a well known decentralized system that scales called email. It has proven difficult to keep clear of spam, but that isn't an issue on a closed/authenticated email network.
A Sybil attack can be seen as either a censorship problem, or a trust problem. As long as you are careful how you add new members, such a system wouldn't be at all vulnerable to a sybil attack.
Well designed decentralized systems scale better than their centralized counterparts (see bittorrent vs. rapidshare et al).
It's more difficult to keep them clear of spam, but hardly impossible. You can run spam detection on every client. You can require some obstacle to posting content (proof of work, or maybe payment of 10 or so microbitcoin). Most effectively, you can design your systems to allow for distributed moderation.
I bet strongly against that simply because large commercial players in the field center a significant part of their business around hoarding users' data.
Even if they somehow figured out how to scale decentralized systems and keep them reasonably spam-free, they wouldn't want them.