Always Use Secure FTP (SFTP)
We just noticed this (somewhat scary) demo from the guys over at WordFence...
(from WordFence) Security Concepts: Half of all WordPress Plugin Vulnerabilities are XSS and Securing FTP
They not only show a live demo where they can grab (insecure) FTP password live from the network, they also show that about half of all WordPress plugins are vulnerable to cross site scripting. Scary stuff!