First, there's nothing inherently insecure about an e-mail ballot. PGP/GPG, a strong X.509 certificate system, and you can be sure that nobody on the outside can either read OR spoof votes. By digitally signing the vote, it also provides some safeguards against vote-tampering by someone at the Pentagon.
However, there's no reference to secure e-mail. Standard e-mail is trivial to sniff or modify en route, as it's plain text. It's also impossible to verify that what is sent is the same as what is received or printed. Without that guarantee, it would not be hard for, say, a political saboteur to modify votes from the "wrong" party to the "right" one. Nobody would be able to tell. In consequence, it is impossible to verify that the votes ultimately processed are the same as the votes cast.
Second, the idea of sanctions for "incorrect" political persuasion is slightly less likely. Especially if the "wrong" party was ultimately elected. Too risky. If anything untoward is going to happen, it'd need to be something that couldn't be easy to identify or track. As mentioned above, vote tampering is a much more likely problem.
Let's move onto the scanned image problem. That's such a non-issue. You detect the box you want marked. You detect the box that IS marked. You change the sizes so that the total area you have identified is the same for each. Swap the two areas round. Voila - a change in vote that would beat any trivial inspection.
For a more "convincing" fake, you'd want to do color adjustments, so that the backgrounds matched up (so flaws in the paper matched up). You'd also want to do line detection, so that you could add/remove crease-marks that you'd split up.
"Ok, but all of this is very intensive, and would be much easier to do with manual help, rather than fully automatically."
True, but if the perp was in the Pentagon, they'd have the time to make the modifications. An intercept would also still be possible - you just have to have a "dummy" SMTP server sitting between the sender and the receiver, which captured the electronic votes. The villain of the piece could then take whatever time they liked to "perfect" the counterfeit votes, and then send them off from that same mid-point, spoofing the original sender's IP and sender's SMTP server behaviour.
The ONLY way you can be sure that what the election office gets is what the voter cast is if there is a digital signature (X.509) that is securely generated (SHA-1 is a lot safer than MD5, for example) AND which can be verified by the election office AND which shows that the message has not been tampered with.
It's better if the message is encrypted, as then only those with a "need to know" will see the vote that has been cast.
Why is this important? Because if you know that, say, 45% of people have voted the way you don't want, and you KNOW that enough people haven't voted to sway the election the way you want, it wouldn't be hard to inject enough false votes to change the result.
The fewer the number of people who know who has voted, the less the risk of fake votes. (The recent Chechen elections suffered a lot from false voting, with recorded turnouts of 80% but International Monitor reports of near-zero turnout.)
The more controlled the information, and the less any one person knows, the harder it is to conduct a convincing fraud.
(Ralph Nader, in the Oregon referendum to put him on the ballot in that state, got a LOT of votes from dead people.)
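
The check the comment asks for (a signature the election office can verify, and which shows whether the ballot changed on the way) is sketched below as an added example; it is not part of the original comment. It assumes Ed25519 keys enrolled with the office before the election as a stand-in for validating each voter's X.509 certificate, and the voter ID and ballot text are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Ballot is the e-mailed message: who claims to have sent it, the ballot
// bytes, and a detached signature over those bytes.
type Ballot struct {
	VoterID string
	Body    []byte
	Sig     []byte
}

// Accept is the election office's check. enrolled maps voter IDs to the public
// keys registered before the election (an assumed stand-in for validating
// each voter's X.509 certificate).
func Accept(enrolled map[string]ed25519.PublicKey, b Ballot) error {
	pub, ok := enrolled[b.VoterID]
	if !ok {
		return errors.New("no key enrolled for this voter")
	}
	if !ed25519.Verify(pub, b.Body, b.Sig) {
		return errors.New("signature does not cover the ballot as received")
	}
	return nil
}

// Demo returns the office's verdict on an intact ballot, the same ballot
// altered in transit, and an altered ballot re-signed with a different key.
func Demo() (intact, altered, resigned error) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // key-generation errors ignored in this demo
	_, otherPriv, _ := ed25519.GenerateKey(rand.Reader)
	enrolled := map[string]ed25519.PublicKey{"voter-0001": pub}
	a := []byte("Ballot SAMPLE-0001\nChoice: Candidate A\n") // constructed
	b := []byte("Ballot SAMPLE-0001\nChoice: Candidate B\n") // constructed
	sent := Ballot{"voter-0001", a, ed25519.Sign(priv, a)}
	return Accept(enrolled, sent),
		Accept(enrolled, Ballot{"voter-0001", b, sent.Sig}),
		Accept(enrolled, Ballot{"voter-0001", b, ed25519.Sign(otherPriv, b)})
}

func main() {
	fmt.Println(Demo())
}
```

Only the first ballot is accepted: changing the body invalidates the original signature, and a fresh signature made with any key other than the enrolled one fails against the voter's registered public key.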