Whenever a new technical approach becomes widespread, doubters raise performance and security concerns. Remember the gaggle of major Internet thought-leaders arguing in 1997 that the entire global network was going to collapse because of peering congestion and hacker break-ins? A recent SourceForge piece summarizes the case against XML. You guessed it: "bad performance, inherently insecure"... As always, we think the key issue is how you intend to use XML in a CMS context. Some key patterns are beginning to emerge -- for example, many enterprises are dealing with performance issues by conducting XSL transforms at content approval time (to pregenerate HTML) rather than at runtime. Other examples abound. So mind performance and security, but don't back off XML if you have a clear business case for the kind of content re-usability it provides...
Read the NewsForge piece (along with comments) and decide for yourself