During development (not production) it is sometimes convenient to use X.509
certificates whose CN (Common Name) does not match the hostname in the URL.
We should not disable hostname verification by default.
Since wsimport is typically invoked from the command line or Ant, it would be
necessary to have a "--insecure" option on wsimport to skip SSL hostname