TLDR: Security: BasicHttp sends request in plain text and WsHttp implements WS-Security. Protocol: in BasicHttp, SOAP 1.1 and WsHttp, SOAP 1.2 (it also supports full WS federation). State management: BasicHttp is stateless, WsHttp supports state management.
|Security support||This supports the old ASMX style, i.e. WS-BasicProfile 1.1.||This exposes web services using WS-* specifications.|
|Compatibility||This is aimed for clients who do not have .NET 3.0 installed and it supports wider ranges of clients. Many of the clients like Windows 2000 still do not run .NET 3.0. So older version of .NET can consume this service.||As its built using WS-* specifications, it does not support wider ranges of client and it cannot be consumed by older .NET version less than 3 version.|
|Soap version||SOAP 1.1||SOAP 1.2 and WS-Addressing specification.|
|Reliable messaging||Not supported. In other words, if a client fires two or three calls you really do not know if they will return back in the same order.||Supported as it supports WS-* specifications.|
|Default security options||By default, there is no security provided for messages when the client calls happen. In other words, data is sent as plain text.||As
MSDN resource has complete list of the differences between bindings.