Secure XMPP communications just run over SSL, yeah? There was a report last year that XMPP software often configures SSL really badly. It's been said that NSA largely takes advantage of implementation bugs, not mathematical breakthroughs; the XMPP ecosystem sure gives them the opportunity.
https://news.ycombinator.com/item?id=6344972