True, but then again, FTP is not the best choice for sensible data after all, see f. i. http://cr.yp.to/ftp/security.html
I've just read that article. The conclusions he makes are not quite right, if not plain wrong (it's a client problem, not a protocol design bug: What would make a client send a RETR or STOR command if the data connection, be it PASV or PORT, has not been established yet succesfully?). I'll write an own article about it. Will be on http://portal.suse.de/ .
HTTP/TLS and OpenSSH's sftp are viable alternatives in many cases.
Thanks,
Roman.
--
- -
| Roman Drahtmüller