> Most XMPP servers on the internet today are forgiving of certificates they don't trust...

I was not aware of that - I'll certainly investigate that possibility.

> Obviously falling back to DNS is not as secure

Of course, but it's still better than "plaintext".