1. Do we want to retain the ability to vote openly?
Yes, options are always good. However, as I mentioned on Salsa[1], I think secret is the better default going forward. Confidentiality allows people to vote what they think instead of being pressured to vote a certain way. It prevents possible harassment. It prevents damaged relationships if people vote differently on contentious topics. It absolutely still gives people the freedom to publicly announce how they voted, if they choose to do so. Most of us in Debian take privacy very seriously, let's extend that to our votes as well.
Obviously, open votes are more transparent, which is nice and very
appropriate for many technical issues that we might vote on. On the
other hand, most votes in Debian are DPL elections anyway.
I think that some of the most contentious issues I've seen in Debian have been technical issues. I absolutely think those should be confidential for the reasons above.
2. How much are we committed to the current process that works
exclusively via email?
Email is proven and robust. Kurt's suggestion of tools to facilitate it is a solid one.
On the other hand, some people might have considerably less trust in
their web browser than their email client.
Yes, this. Not necessarily the browser itself but there are many more vulnerability points between the user and a final ballot. I'm happy to be convinced otherwise but that's my initial inclination.
-Olek