In-network data aggregation allows energy-efficient communication within a sensor network. However, such data aggregation introduces new security challenges. As sensor nodes are prone to node-compromise, a fraction of nodes might act maliciously and forge aggregated data. For arbitrary aggregation functions, the verification of authenticity of aggregated data, i.e., its correctness, integrity, and origin, is impossible. Thus, one can either aggregate data and save energy or verify authenticity, not both. We present "ESAWN", a protocol that probabilistically relaxes authenticity in the presence of a fraction of compromised nodes. This enables a trade-off between probabilistic authenticity and probabilistic, energy-saving data aggregation. Besides theoretical analysis, we present MICA2-based simulation results. They indicate that even for high probabilities of authenticity and fraction of compromised nodes, ESAWN is more energy-efficient compared to secure but non-aggregating communication. For example, with 20% compromised nodes and 90% authenticity, ESAWN saves up to 40% energy.