Client app.config created transport security even though it wasn't specified in service app.config

I have a binding configuration for wsHttpBinding defined as:

 <wsHttpBinding>
    <binding name="CustomAuthentication">
      <security mode="Messa开发者_StackOverflow社区ge">
        <!-- Change to Message-->
        <message clientCredentialType="UserName"/>
        <!-- Change to UserName -->
      </security>
    </binding>
  </wsHttpBinding>

When I generate my proxy code using svcutil and look at the app.config it generates for the client, I see this in the security section:

<security mode="Message">
    <transport clientCredentialType="Windows" proxyCredentialType="None" realm="" />
                    <message clientCredentialType="UserName"
                             negotiateServiceCredential="true"
                             algorithmSuite="Default" />
</security>

I did not specify transport security in my service config, so why did it create a transport node with clientCredentialType="Windows". Is this by design and does it matter? I watched a video my Michele Leroux Bustamante and she said that you can't use Transport and Message, it will ignore one of them, so it doesn't matter if you specify both. I just want to know why it created it it in the client app.config

The reason is probably the same that svcutil and VS create huge config files for most services: They generate bindings/config with default settings, tweak them, and then serialize them into the config files, which means you get fairly extensive, verbose config files out of them because they include values (default or otherwise) for all properties in those configuration objects.