I asked what the OS is on both machines, rather than assume
Yes, encrypting the link will slow things down, but having a server running on the internet that accepts clear text logins is too much of a downfall to me. Unless you don't care for who gets into it and accesses your files... really depends on whether there's anything you consider personal or confidential on there.
Yes he did say no techie talk, but I'd rather first find out exactly what problem needs to be solved then state what I consider the best approach, rather than give a "one size fits all" when it may actually be a poor fit. 8-)
I think it was pretty obvious they were going to be XP PCs....
Virtually every webhost has std ftp open to internet, and correctly set up, is normally OK. Granted, people in the right (priveledged) places on the net can sniff the password, hence why you should change password at least monthly.
All of our Internet facing servers that have been 'hit' haven't been via FTP, but due to Linux's usual problem with iptables being flakey under heavy use (have to use iptables, as proper, dedicated firewalls are too slow for some applications).
For this application - swapping files, possibly large ones - straight FTP is easy to set up and performs well