Would you say that NET is insecure because it can store data in xml files? Or would you say that xml files are insecure? That's a rather "apples and oranges" diversion, wouldn't you say? :)
XML is secure if you use XML encryption (and certain parts of a web.config can be encrypted). And if the XML is part of a web service scenerio, then you also have transport level security....but using .NET to store XML is a much smaller issue compared to using .NET against a "regular" data store.