Europe did several studies on postal ballots, and largely rejected them as insecure. I don't think the possibility with mail in ballots is in question.

You can require registration with an ID, but in the US maintaining voter rolls is hard.

All security limits how easy it is to do whatever it is you are securing. So you have a trade off of zero security and super simple voting, or massive security and very difficult voting. And everything in between. You have to choose.

In my opinion, postal ballots should be restricted to the smallest group possible. I don't mind an exception for the paranoid, but we don't need to break the system to accommodate the fringe cases.