Aaron Skonnard and Keith Brown discuss some interesting things regarding UsernameToken Authentication in WSE2 [1,2,3,4] which extends this.
I noticed on Aaron Skonnard's old skonnard.com weblog that he mentions he wrote the WSE2 HOLs. After reading them I find this un-surprising since they are great. I also noticed on Aaron and Keith's new pluralsight blogs that a certain Don Box is listed as a Pluralsight blogger. Maybe he's going to join his ex-developmentor brethren.
Update: Jon Lam comes up with the code to do the enhanced WSE2 username token stuff here: http://www.iunknown.com/CommentsWithEntry.aspx?entryid={A1FA1563-D7FB-40A9-8659-529929305728}Haacked have a slightly different spin on the same problem here