Requiring only two out of three keys leaves the system open to straightforward collusion. A threshold like three out of four, or three out of five, would raise the bar to something more like a coordinated conspiracy. There are likely additional human roles involved in the process as well (mitigating the risk), though I’m not fully familiar with the complete setup.

My assumption is that these keys are meant solely to control the timed release of the data, not to serve as the ultimate source of authority. The encrypted ballots are probably disclosed to the keyholders at the same moment the keys themselves are published.

It reminds me of a pet project I want to complete: An automated online timed release keymaster, publishing future-dated public keys, then publishing the secret keys on that date. One day soon... edit: it already exists, https://timelock.dev/