xor-ing is the method used by the One-Time pad, so to say that it's inherintly insecure is somewhat unfair. Also, you'd probably want to do something to bring the characters back into printable range, which you don't do above.