Guspaz,

The suggestion wasn't to disable access to the "System" account (which should go without saying), but to have FTP logins that are completely separate from other logins in the system (like SSH).

Edit: bah! glg beat me to it.

True. That, of course, doesn't preclude the possibility of an FTP server exploit that might be made easier by the attacker having access to an FTP account. But does mitigate a lot of the risk.

I'd still urge that FTP is just a bad protocol to use in general, though; protocols that use cleartext authentication have no place on the net.

Agreed.

no question. scp/sftp are just as easy to use