Forewarned Is Forearmed
As security experts will tell you, the only truly secure software system is one with the power turned off. Despite firewalls, port scanners, and encryption technologies, any software system that interacts with the world is subject to attack. When deploying XML technologies, your best defense is to put on the black hat of an attacker during the entire development cycle. Run through what-if scenarios and test, test, test. Know the limits of your DOM parser. Read your WSDL to make sure that you’re not revealing more than you intend. Pass wacky parameter values to your web services. Order 100,000 books—even better, order negative quantities, such as -10 books. Understand how your software responds.
Systems end up more secure when security is taken into account early on rather than as an afterthought.
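The what-if checks above, turned into code as an added example (not from the original article): a request handler that refuses any DOCTYPE before reading an order, then accepts only a bounded, unsigned quantity. The `<order>`/`<quantity>` layout, the two limits, and the names `parse_quantity` and `OrderRejected` are assumptions made for illustration.

```python
import xml.parsers.expat

MAX_INPUT_BYTES = 4096  # assumed cap on request size
MAX_QUANTITY = 1000     # assumed business limit per order
# Constructed sample request, not taken from a real service.
SAMPLE_ORDER = b"<order><title>Example</title><quantity>3</quantity></order>"

class OrderRejected(ValueError):
    """An order request failed a parser-safety or business-rule check."""

def parse_quantity(xml_bytes: bytes) -> int:
    """Return the validated <quantity> of a hypothetical <order> document."""
    if len(xml_bytes) > MAX_INPUT_BYTES:
        raise OrderRejected("request too large")
    text, state = [], {"inside": False, "count": 0}

    def forbid_doctype(*_args):
        # No DTD means no entity declarations, so nothing to expand or fetch.
        raise OrderRejected("DOCTYPE not allowed")

    def start(name, _attrs):
        if name == "quantity":
            state["inside"], state["count"] = True, state["count"] + 1

    def end(name):
        if name == "quantity":
            state["inside"] = False

    def chars(data):
        if state["inside"]:
            text.append(data)

    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = forbid_doctype
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = chars
    try:
        parser.Parse(xml_bytes, True)
    except xml.parsers.expat.ExpatError as exc:
        raise OrderRejected(f"malformed XML: {exc}") from exc

    raw = "".join(text).strip()
    # isdigit() alone would admit non-ASCII digits; a sign or exponent fails here too.
    if state["count"] != 1 or not (raw.isascii() and raw.isdigit()):
        raise OrderRejected("quantity must be one unsigned integer")
    if not 1 <= int(raw) <= MAX_QUANTITY:
        raise OrderRejected("quantity out of range")
    return int(raw)
```

Feeding it the article's own probes (100,000 books, -10 books) along with a document that declares an entity shows each one rejected for a distinct, loggable reason.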