Actually Hangdog it looks like I dont have much of a choice. I cannot allow real users to login to an FTP server and allow their passwords to be sent in clear text. Convenience should always come second to security. And you are right, I need to make an operational determination of whether or not real users accessing the site is necessary. Ultimately, if the answer is yes, then I will be forced to either require SSL traffic for all connections or run two seperate FTP deamons (an option which I had not considered until lithos pointed it out).
lithos: what kind of performance hit can I expect from running two FTP deamons? Will it take up a lot of resources?