In his very first paragraph, he states:
"FTP is easy to use, reliable, and can be set up securely."
Since he never mentions how FTP can be set up securely, that statement is dangerously misleading at best.
FTP is absolutely, positively, in-no-way-what-so-ever secure. SFTP, yes. FTP, hell no. FTP can only be "set up securely" by using something else to encrypt the data within it prior to transmission or by placing FTP traffic within another encrypted protocol (like a VPN tunnel).
Using a password on a bare FTP transfer is arguably LESS secure than leaving it open to anonymous access. With anonymous access, it is obvious anyone can grab the file. With a password? FTP passwords are sent in cleartext, allowing any device that can see packets between the client & server to see the password. It may verify you are the FIRST person to know that password, but after you've shown it to everyone on the network it can't be assumed you're the ONLY one who knows it. Worse: even if a password is used, the payload is still unencrypted. Anyone on the network still sees everything. FTP does not support encryption of password or payload. If you want to either, use a modern protocol (SFTP) or put it in a tunnel.
Also, despite infosec's best efforts to discourage the practice, humans tend to re-use passwords. A lot. I'd rather there be no illusion of FTP transfers being secure than somebody wrongly believing they're protected by using an FTP password (likely also used to log into their webmail account, etc).
Keep Up with TechRepublic