Some of the characteristics that make service-oriented architectures appealing for enterprise applications also make them vulnerable to security breaches. The vulnerabilities are primarily due to the openness of the service-execution environment, to the dynamic run-time selection and composition of services, and to the autonomy of the individual services. In this paper, we describe these vulnerabilities and discuss ways of mitigating them, including software agent technology and distributed database transaction semantics.