i reckon you could get away with: zip the file with a password, and rename as a .rtf, and present it on a www service for the client to pick up using basic authentication.
if the data is more sensitive than that, then you shouldn't be using an open line in the first place