I'm rather focused on opaque, unverifiable processes than on the machines, but several of them do indeed take place inside the machines. compromising keys, software chain of custody, accepted keys and processes to validate them are all obscure (to me) processes that don't seem possible for human observers to check enough to trust the system.
one of the issues I notice in this sort of debate with IT security experts like you is that IT security thinking is applied. let me explain why I find that unsatisfactory.
when a business sets out to protect their IT infrastructure, they set out to keep attackers out, establishing one or more security perimeters, modeling the threats and mitigating them. it's enough for the internal IT-sec experts, the CTO and the CEO to grow convinced that the threats are reasonably mitigated.
when it comes to elections, the bar is much, much higher. on top of all that technical stuff, public trust has to be earned. the system must be such that an average voter, party or observer can inquire enough about the internal details of the system as to be satisfied that, even under a suspicion that an adversary party controls the voting process, there is enough transparency and verifiability built into the process that attempted fraud (miscounting or violating secrecy) could be noticed, caught, and either proved or avoided. it's not enough for internal IT experts to see that, if every internal incorruptible angel does their job, it works as designed