The only reason FTP is insecure is because system admins still allow unencrypted FTP connections.
POP3 and HTTP is also insecure- it's up to the system admin to block insecure connections.
With most FTP server software I know (such as ServU or FileZilla Server) once you force SSL connections, the server will disconnect users on the USER command (before sending the password) if they are connected insecurely. So only if your system administrator wants to allow insecure connections, will you be allowed to transmit the password insecurely.
Why do people still connect using the old insecure FTP standard? It's the software.
I personally think FileZilla should connect using SSL Explicit by default. IQBox defaults to SSL, and prompts the user for a fallback.
So again I think it's a software issue, not a protocol issue.
With most FTP server software I know (such as ServU or FileZilla Server) once you force SSL connections, the server will disconnect users on the USER command (before sending the password) if they are connected insecurely. So only if your system administrator wants to allow insecure connections, will you be allowed to transmit the password insecurely.
Why do people still connect using the old insecure FTP standard? It's the software.
I personally think FileZilla should connect using SSL Explicit by default. IQBox defaults to SSL, and prompts the user for a fallback. So again I think it's a software issue, not a protocol issue.