I have a WCF service accessible over the Internet. It has wsHttpBinding binding and message security mode with username credentials to authenticate clients. The msdn says that we should use message security for the Internet scenarios, because it provides end-to-end security instead of point-to-point security as Transport security has.
What if i use transport security for the wcf service over the Internet? Is it a bad practice? Could my data be seen by malicious users?