I think I know what you are on about. I do not think it is a problem as long as permissions are correct. 644 seem correct to me as it only gives the owner access. Also as long as people prevent the ftp hack by having a good firewall installed and anti-virus/anti-malware program. Lastly not giving out your ftp account details is also good.
To be honest I do not see a password being stored in a file as a big problem. I have done a fair few Oracle database installs where there was no other option than see more to put the password in a file for validation. Oracle are pretty big on security and so if it is not a problem for them then is should not necessarily be a problem here. People just need to take the appropriate 'precautions'.
Although I understand your concerns Mydatery, as when I first had to do a database install, where I had place an unencrypted Oracle database admin password into a file, I stressed about it, but then it was explained to me. All said, this is a good blog post to inform and stress to people the importance of security and permissions.

Paul