You can send it over HTTPS instead of HTTP, which would use SSL or TLS.
If you want to specifically encode it, you would normally use WS-Security, for which an implementation is available at
http://ws.apache.org/wss4j/. I'm not sure if it supports TLS, though.
[ November 16, 2005: Message edited by: Ulf Dittmer ]