Now, most of the security issues found on modern processors are due to speculative execution one way or another.
While it's hard to just do without it (that would harm their achievable performance significantly), it seems even harder to get it fully secure.
I'm not even sure if it is at all possible.
The leaks of information produced in speculative execution occur by means of caches (like L1, or TLB in this case).
I imagine one potential mitigation strategy could be overprovisioning said caches and giving them checkpointing support, so that a speculative path that fails can undo all changes it has made to the cache. Speculative cache fills must be prohibited from evicting valid data and blocked until either the speculation is resolved or suitable cache line is freed/invalidated by somebody else.
The mechanism may not perform very well on caches with low associativity, like typical L1
Intel already support a remotely related mechanism which they call transactional synchronization extension. You can explicitly speculatively execute a piece of code and bail out of it if something goes wrong (it will also fail automatically if other core accesses the same memory at the same time). All memory changes are reverted. Cache state is not preserved, but the underlying implementation is often believed to work by means of creating a small "parallel reality" inside your local L1 and using the coherence protocol to detect inter-core data hazards.
Notably, it was disabled on several early implementations because of bugs. I suppose there is a lesson here about the difficulty of maintaining multiple alternate cache states in a multicore environment. Single core should be much easier.