I was under the impression that (in the UK) all ballot papers containing anything other than "X" in one box were always rejected for that reason.
Then, in the presence of all the other candidates and agents, I would have go through my list and check off my secret codes.
Guess what? It would kick off big style and suddenly consent to include my magic ballots would be withdrawn by everybody else - the Returning Officer would make a decision and probably have a word with the polis - who are present at, and supervise the ballot boxes.
Protecting the integrity of the ballot is like securing a computer system. Identify the core vectors of attack and lock them down. So it is about "what is the rate of postal votes?" "are the postal vote samples inline with the end-result?" "what is the turnout? relative to last time and other similar constituencies?" "what is the churn in voter registration?" "is the final turnout consistent with the reported turnout?" "is it easy to buy votes?" "is it easy to register fake voters?".
The core point is not to make fraud hard but to make it visible. Of course the basic 'don't make it easy' steps need to be taken - but after that it is all about 'don't let anybody get away with it'.
The problem on HN is that nobody coming up with suggestions on how to improve the ballot is doing any 'customer discovery' - going out to talk to actual people who stand for election and run elections and who are trying to ensure that the vote is fair. The computer pixie dust being scattered around is fixing non-problems.
BTW it isn't an X it is a St Andrew's cross - St Andrew being the patron saint of truth telling - it means 'I swear by St Andrew that this is my true intent'. The 'kiss' on a letter likewise meaning 'I swear by St Andrew that my love is true'. One of the perks of being Scottish is that our flag stands for truth, love and democracy :)