For security, the answer is not suitable; here is the quote from the JMS1.02 Spec, section 2.7:
"JMS does not provide features for controlling or configuring message integrity or message privacy. It is expected that many JMS providers will provide such features. It is also expected that configuration of these services will be handled by provider-specific administration tools. Clients will get the proper security configuration as part of the administered objects they use."
For transactions, I am not sure, since JMS has a concept of "transacted session" which "groups a set of produced messages and a set of consumed messages into an atomic unit of work."
But in Spec section 1.4.4:
"A JMS client may use JTA to delimit distributed transactions; however, this is a function of the transaction environment the client is running in. It is not a feature of JMS per se."