I don't think you want to allow anonymous ftp to a site with backend scripting, if that's what you mean. Any flaws in server side code can be viewed and exploited, I think that is what you are asking...?
I am a newbie and am applying for a security analyst position where I currently work. I had an interview/discovery session on Friday and I was given a mock business case with the opportunity to address security concerns. I wasn't sure if this was an exposure but it was suggested I go to AO and see if anyone had any comments/thoughts on the issue.
It just didn't sound right that if we (the Bank) uses anonymous FTP to transmit data to the vendor and from the vendor back to us and if the front-end web server (of the vendor) and the back-end mainframe environment (of the vendor) was shared it just didn't sound right....
Especially when this occurs for the vendor's multiple clients, etc.