As I said previously, I don't think it is even humanly possible to design a CPU with speculative execution without introducing a bunch of potential exploits.
Meanwhile, that keeps a whole industry busy though.
I think it absolutely is. You just have to not update shared state until the relevant instruction is no longer speculative.
Machines with speculation have obviously made sure they didn't update the architectural registers while an instruction was still speculative, so that any changes could be discarded/rolled back. You just have to make sure you do the same for branch predictors, TLB entries, branch target caches, return address stacks, cache line replacement/eviction.
Retrofitting that to an existing microarchitecture is not easy, but it should be no big deal for new designs. You need to provision a few extra entries for each of those resources to hold the speculative state, but (unlike the mitigations on old designs) there is no execution slowdown unless you undersize the number of entries for speculation and have to occasionally stall to wait for a previous instruction to go unconditional.
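A toy model of the scheme described in the reply above, added here as an illustration and not taken from any poster or real CPU design: speculative cache fills sit in a small side buffer and only reach the shared cache at retirement. The direct-mapped layout, the sizes and all function names are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define SETS 8          /* direct-mapped committed cache, one tag per set */
#define SPEC_ENTRIES 2  /* extra entries provisioned for speculative fills */

typedef struct {
    uint64_t tag[SETS]; bool valid[SETS];   /* shared, observable state */
    uint64_t spec_line[SPEC_ENTRIES];       /* private speculative state */
    int spec_id[SPEC_ENTRIES]; bool spec_used[SPEC_ENTRIES];
} cache_t;

void cache_init(cache_t *c) { memset(c, 0, sizeof *c); }

/* What another context can observe: is the line in the committed cache? */
bool cache_probe(const cache_t *c, uint64_t line) {
    return c->valid[line % SETS] && c->tag[line % SETS] == line;
}

/* Speculative load by instruction `id`: the fill goes to the side buffer only.
   Returns false when the buffer is full, i.e. the pipeline has to stall. */
bool spec_load(cache_t *c, int id, uint64_t line) {
    if (cache_probe(c, line)) return true;  /* hit: nothing to update */
    for (int i = 0; i < SPEC_ENTRIES; i++)
        if (!c->spec_used[i]) {
            c->spec_used[i] = true; c->spec_id[i] = id; c->spec_line[i] = line;
            return true;
        }
    return false;
}

/* Instruction `id` is no longer speculative: publish its fills (may evict). */
void retire(cache_t *c, int id) {
    for (int i = 0; i < SPEC_ENTRIES; i++)
        if (c->spec_used[i] && c->spec_id[i] == id) {
            uint64_t l = c->spec_line[i];
            c->tag[l % SETS] = l; c->valid[l % SETS] = true;
            c->spec_used[i] = false;
        }
}

/* Instruction `id` was mis-speculated: drop its fills, touch nothing shared. */
void squash(cache_t *c, int id) {
    for (int i = 0; i < SPEC_ENTRIES; i++)
        if (c->spec_used[i] && c->spec_id[i] == id) c->spec_used[i] = false;
}
```

With only two buffer entries, a third outstanding speculative miss makes `spec_load` return false, which is the occasional stall the reply mentions for an undersized buffer.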