Although SOAP and .NET allow complex B2B systems to share data and expand business capabilities, it is critical that access to SOAP interfaces be limited to authorized users, due to the sensitivity of the transactions. Many implementations of applications using SOAP expose too many functions or bypass the authorization and entitlement controls that normal transactions go through. The design of the application should ensure an orthogonal interface for all users and establish a single security checkpoint. Additionally, use of strong authentication such as HTTP certificates and XML signatures is recommended.
That's nice, but do you have a point?