XMLRPC is the standard protocol to allow an external application to integrate to Wordpress and create new posts.
ContentMX uses XMLRPC as well. XMLRPC is not an extra plug-in. It is a standard feature of the latest versions of Wordpress; however, we do have many clients that have "disabled" access to XMLRPC using .htaccess files and other forms of web security (like ModSecurity).
If this is the case, what we suggest is that your Wordpress admin use directives in htaccess (and in other places) to specifically allow our servers to access the XMLRPC feature. You can find the IP addresses of our servers here.
XMLRPC is the standard method for submitting content to Wordpress. The xmlrpc.php page is usually found in the root folder of your blog or website. It is no more secure or insecure than the Wordpress login page itself.