Source: Sniffing/Stealing FTP Passwords; Or, Why You Should Use FTPS instead of Plain FTP » Kea Sigma Delta
Plain FTP is insecure, and it’s pretty easy to sniff your username and password. Anyone who manages to connect to your network can capture network traffic, sniff out your FTP password, and then access/steal your files. Tools to do so are readily available.
The bottom line is: do NOT use plain FTP for file transfer if you value your data. Or, stick to plain FTP and risk being hacked. It’s up to you.
Personally, I value security. That’s why I wrote ZitaFTP Server. It’s a secure FTP server (i.e., an FTPS server). The password sniffing techniques shown above only work with plain FTP (and HTTP), and fail the moment secure connections are used. I highly recommend you stop using insecure plain FTP, and use FTPS instead. Yes, even within your own private network.