This is a bit over-wrought. The important question this article doesn’t deal with is: what are those FTP servers hosting? If it’s anything which should be secured, that is a problem. But, if all it is, is a public file repository, then the extra complexity of SFTP or FTPS probably isn’t worth the trouble. My current company has an FTP server which is exactly this. It hosts product documentation and is meant to be public. While they probably should have moved on and just dumped all of it in an S3 bucket with public read, the FTP server is what our customers know and have used for decades. If it ain’t broke and the security isn’t a problem, it’s not really a priority.