Web-based clients are insecure simply because you don't have physical control over them. You don't control the network, the routers, or the client machine. Give me (or some malware author) the client machine, and who cares what you signed on the server or how?
These are military personnel voting (absentee) from overseas. I can guarantee you that I can control the originating network, the terminating network and the client machine.
And by the way, the system extends to 150 million clients running every kind of hardware, software, and configuration imaginable, maybe 25% of which are infected with malware, and to which we have no access and over which we have no control.
See above. If the machines which are eligible to be used to cast the vote are not under some sort of control, there is no way of doing this. However, the number of machines can easily be limited to the command and control structure, which makes this facet of the problem trivial.
If you are talking about people being able to vote from home, I heartily agree with Bruce Schneier that the problem may well be intractable, not for reasons of malware, but for the impossibility of testing every potential configuration.
If you limit the problem to the overseas (or otherwise deployed) military, where the time between the absentee ballot becoming available and the last available date to return it, the problem becomes manageable, simply because the change management process for the available terminals can be controlled. Hell, simply send (under cover) a live CD with the software on it to each deployed service member. Now, no malware, no unknown configuration (at least what matters) and enhanced security.
BTW, see my post below.