- Sends passwords in plaintext
- Multiple-port design is the cause of many headaches for firewall administrators
- Generally considered insecure (though more for historical problems with server software than today's software)
Even if we accept that #3 is due to old and buggy software, #1 is reason enough to dump it. #2 isn't a big deal, since admins running firewalls tend to notice the problem the first week on the job and always keep it in mind from then on. However, it also is a problem for the firewall software itself (the early Linux 2.4 series packet filter had a bug where if you let FTP in, an attacker could get through any port).
Its not like there aren't better alterantives. In particular, the sftp subsystem that comes with OpenSSH is great. It's a one-line change to your sshd.config and works over the existing SSH port.
IMHO, HTTP is a poor subsitute for FTP, except as a quick-and-dirty document retrevial system. Uploading is hacked in, and its stateless nature has been the cause of hackery elsewhere.
I wanted to explore how Perl's closures can be manipulated, and ended up creating an object system by accident.
Note: All code is untested, unless otherwise stated