I believe org.jboss.ws.socketFactory is used for message level signing and encryption, not transport.
try put("javax.net.ssl....") in the request context.
I've complained about this and modified a version of the community stack for this purpose. There's a jira on it. No idea how it works in the eap version of jboss. It irritates me too. As a work around, I store the passwords encrypted on disk. Then at run time, I read in the passwords, decrypt them, then add them to System.properties, I suppose then you can remove them but it obviously depends on whether or not something else is relying on them