I am using the outbound messaging scenario, wherin an outbound message is triggered on accomplishment of a 'workflow rule'. 
It is working fine and the opportunity records are sent to my web service and the acknowledgement is sent back to Salesforce.
My question is that wont there be any security concerns since no login parameters/ credentials were used while logging into the server that hosts my webservice. Moreover, while the acknowledgement was sent back to Salesforce, there too there is no such security application.
Please guide me on the following:
How does salesforce manages secutiry in outbound messaging?
Do I need to opt for some other way of communication which is more secure?
Am I missing something and there is an option to apply security parameters in outbound messaging as well?