XML Signatures: Behind the Curtain - A Pithy Summary (Page 8 of 9)
XML is a codification of author Donald Knuth's aphorism that "all computer problems can be solved with another layer of redirection." The whole XML syntax is designed to utilize redirected Web-based services. While outsourcing critical business services to trusted partners may be acceptable, outsourcing by default what could be a significant component of e-business in the years to come doesn't seem such a good idea.
Also, it must be stressed that understanding the context of your XML use (what data is actually being signed) is just as important to security analysis as the actual signing of the code itself. Any default use by unintended or unknown redirection to someone else's business model of Web services can end up being an open and insecure -- not to mention potentially expensive -- portal into an organization. Knowing where you're really going on the Web (as well as who is sending you there!) seems to be a prudent course of action for these times.
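One way to check what data a signature actually covers, and whether any of it is reached by redirection to another site, is to list the `ds:Reference` URIs under `ds:SignedInfo`. The sketch below is an added example, not code from the article; the sample document, the function name `audit_references`, and the `Id`/`ID`/`id` attribute names are assumptions, and it handles only plain `#id` fragments.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed sample: one same-document reference, one external reference,
# and a <Note> element that no reference covers.
SAMPLE = """<Order xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <Item Id="item1">widget</Item>
  <Note>unsigned free text</Note>
  <ds:Signature>
    <ds:SignedInfo>
      <ds:Reference URI="#item1"/>
      <ds:Reference URI="http://partner.example/terms.xml"/>
    </ds:SignedInfo>
  </ds:Signature>
</Order>"""

def audit_references(xml_text):
    """Return (uri, kind, detail) for each ds:Reference under ds:SignedInfo."""
    # Sample input is trusted; for untrusted XML use a hardened parser
    # such as defusedxml instead of ElementTree.
    root = ET.fromstring(xml_text)
    ids = {}  # Id value -> tags of elements carrying it (assumed attribute names)
    for el in root.iter():
        for attr in ("Id", "ID", "id"):
            if attr in el.attrib:
                ids.setdefault(el.attrib[attr], []).append(el.tag)
    findings = []
    for signed_info in root.iter(DS + "SignedInfo"):
        for ref in signed_info.findall(DS + "Reference"):
            uri = ref.get("URI")
            if uri is None:
                findings.append((uri, "application-defined", "no URI attribute"))
            elif uri == "":
                findings.append((uri, "same-document", "whole document"))
            elif uri.startswith("#"):
                hits = ids.get(uri[1:], [])
                # Zero or several matches means the signed target is ambiguous.
                detail = hits[0] if len(hits) == 1 else f"{len(hits)} matching elements"
                findings.append((uri, "same-document", detail))
            else:
                host = urlsplit(uri).netloc or "relative path"
                findings.append((uri, "external", host))
    return findings

if __name__ == "__main__":
    for uri, kind, detail in audit_references(SAMPLE):
        print(f"{uri!r:40} {kind:16} {detail}")
```

In the sample, only `Item` is covered inside the document, the `Note` element is not signed at all, and the second reference depends on content served by another host.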