This MSDN article kind of sums up a lot of security issues relevant to WCF
http://msdn.microsoft.com/en-us/library/ms733836.aspx
regarding your specific situation,
the negotiateServiceCredential="true"
means that you streamline certificate distribution to your clients for message encryption.
This option will only work with windows clients and has some performance problems. read more here http://msdn.microsoft.com/en-us/library/ff647344.aspx search the topic "streamline certificate distribution" in this page.