re: SOAP/XML
There is still HTTPS and IPSec.
The HTTP over IP standard should be deprecated due to the quite visible fact that
there are some very large untrustworthy ISPs.
In favor of port 443 HTTP over SSL, or HTTP over IPsec (with the ip authentication header), which can actually still provide practical assurances that the data arrives unmodified, or doesn't arrive at all,
in spite of the new issue that has arised with use of HTTP on the internet.
Yes, it turns out that not all the evil crackers are wearing black hats or committing their mischief by exploiting bugs in software to gain access.
Why do all that, when the undercover black hats can conveniently pay an upstream provider for surreptitious access to all your data streams?
Unbridled sniffing with no repurcussions, so long as the source of the data
is adequately obfuscated before it's sold overseas to the highest bidder....