yup. here's a simple attack scenario: internal players get a slightly modified program replicated for deployment on a large number of voting machines. the modified version disables the (software-driven) signature checking, checks the time and, if running on election day (rather than during test sessions), it flips 1 out of 10 votes to a certain candidate. at the end, it overwrites the storage holding the voting system so that it looks like the original version, just in case someone bothered to check. voilà. "surprising results", "not-too-big deviation from polls", "no evidence of fraud". invisible massive-scale fraud with no more than a handful of people involved. good enough?