I was getting this error on windows 2000 running an ASP shopping cart. It appears to be due to security tightening in MSXML4.0 SP2.
I think this issue already happened (a few years ago), this latest instance was probably due to some of the released security fixes (April 2006 batch?),
Here are some solutions. Please note that since the first solution worked for me, I did not have to try the others.

A)
1. From the "Start" menu, select "Run", type "mmc" and then press ENTER.
2. From the "File" menu, select the item "Add/Remove Snap-In...".
3. In Add/Remove Snap-In, click "Add" button.
4. Select the "Group Policy" Snap-in and click the "Add" button, on the next screen click the "Finish" button (the default: Local Computer is good)Click the "Close" button and then the "OK" button.
5. Select Local Computer Policy -> User Configuration -> Windows Settings -> Internet Explorer Maintenance -> Security
6. Click on "Security Zones and Content Ratings"
7. For "Security Zones and Privacy", select the "Import..." radio button and click "Modify Settings"
8. Make sure you have set "Submit nonencrypted form data" to "Enable".

Other solution I have not tried since the previous solution worked:

B) Registry values:
HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Security_HKLM_only (Dword value) = 1
You may have to create CurrentVersion and Internet Settings

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1601 (Dword value) = 0

This will allow you to use ServerXMLHTTP post with msxml4 sp2.

C) Microsoft offered a download:
"Microsoft XML Parser
This update contains Microsoft XML (MSXML) functionality that will allow applications using MSXML to continue to function correctly after security update 832894, Security Update for Internet Explorer, has been applied."

Here is the KB article: XMLHTTP call fails for URLs with embedded user credentials