If you can passively sniff the traffic you see username and password
used by the FTP user in clear, unless the client uses FTPS. This is about
the security you get with plain telnet (instead of SSH) or authorized
access to mail servers which are not protected by TLS (most providers now
Once you have the credentials you can compromise the account. This is
not only deleting the data (i.e. denial of service), but grab any sensitive
data, manipulate data to spread false information etc. If the credentials
are also usable for SSH an attacker can log into the system as an
unprivileged user and from there it is often not far away to a whole system
compromise. Also, the same credentials are often used to access the users
email so you can compromise this too.
Which means, yes, it is completely insecure.
Apart from that, don't mix up FTPS and SFTP. FTPS is the FTP protocol
with TLS extended, while SFTP is file transfer over SSH. Some clients like
FileZilla support both and if you have the choice prefer SFTP because it is
much less hassle with firewalls.