Switching cyphers?
That's "security by obscurity", and depending on that isn't secure at all.
I know about the "encrypted tickets", though I only use them for session identification. No real loss if someone decrypts a cookie; the really sensitive stuff I send using an AES128-encrypted message, signed with a RSA-2048 key and the secret AES key is also encrypted with RSA-2048. So the "secure transfer" stuff is actually secure, but that's because I take an extra security step instead of using MS' "secure tickets". Meh.