Service-oriented architectures (SOA) and, in particular, Web Services are the emerging technologies to develop interoperable systems. In spite of the maturity of these new architectural models and technologies, the security of open services is still a challenging open issue; furthermore, the overall performance of a service built by composition of many atomic services can depend on many factors that need to be addressed. We are working on the design and the development of the MAWeS architecture, a framework that supports the development of self-optimizing autonomic systems for Web Services architectures. It relies on a simulation service to predict system performance and adopts a security evaluation service that implements a policy-based methodology for security description and evaluation. In this paper we sketch the MAWeS architecture, illustrating how to use it to optimize the performance of a typical compound Web Services application while at the same time guaranteeing that a set of security requirements, expressed by a security policy, are met.